http://www.codedog.net/CodeDog/view/1,2 ... 63,00.html
Can someone read this and tell me whether the problem is a problem in PHP too? I don't recognise what code / language it is all about.
The article is about injecting malicious code in HTTP headers...
codeDog - the SET Vulnerability
Moderator: General Moderators
- mrvanjohnson
- Forum Contributor
- Posts: 137
- Joined: Wed May 28, 2003 11:38 am
- Location: San Diego, CA
He references Vignette, which is a Content Management system that looks like it uses TCL programming. He also says he coded the flaw into his site. In any event, he goes on to talk about Vignette Class and learning the SET command. I am thinking this is either a proprietary scripting for the CMS or TCL coding. The CMS itself reminds me a lot of Zope which is Python based.
Whether or not this can be accomplished in PHP I don’t think so. But if you’ve got some time maybe you should try it. I’m not sure what the SET command is suppose to be doing so I couldn’t tell you how to emulate it. Perhaps you can get in touch the author and get more info.
Whether or not this can be accomplished in PHP I don’t think so. But if you’ve got some time maybe you should try it. I’m not sure what the SET command is suppose to be doing so I couldn’t tell you how to emulate it. Perhaps you can get in touch the author and get more info.