codeDog - the SET Vulnerability

XML, Perl, Python, and other languages can be discussed here, even if it isn't PHP (We might forgive you).

Moderator: General Moderators

Post Reply
User avatar
Heavy
Forum Contributor
Posts: 478
Joined: Sun Sep 22, 2002 7:36 am
Location: Viksjöfors, Hälsingland, Sweden
Contact:

codeDog - the SET Vulnerability

Post by Heavy »

http://www.codedog.net/CodeDog/view/1,2 ... 63,00.html

Can someone read this and tell me whether the problem is a problem in PHP too? I don't recognise what code / language it is all about.

The article is about injecting malicious code in HTTP headers...
User avatar
mrvanjohnson
Forum Contributor
Posts: 137
Joined: Wed May 28, 2003 11:38 am
Location: San Diego, CA

Post by mrvanjohnson »

He references Vignette, which is a Content Management system that looks like it uses TCL programming. He also says he coded the flaw into his site. In any event, he goes on to talk about Vignette Class and learning the SET command. I am thinking this is either a proprietary scripting for the CMS or TCL coding. The CMS itself reminds me a lot of Zope which is Python based.

Whether or not this can be accomplished in PHP I don’t think so. But if you’ve got some time maybe you should try it. I’m not sure what the SET command is suppose to be doing so I couldn’t tell you how to emulate it. Perhaps you can get in touch the author and get more info.
Post Reply