Hello,

I have a question. I'm writing a paper on header manipulation on web statistics
software involving injection of html, ssi, javascript, vbscript,etc.. I've managed
to find examples of all of the above. I have not found any php examples though. I'm
not a php coder so I have a few questions.

First read this UNFINISHED PAPER/UNEDITED.
http://www.cgisecurity.net/papers/header-based-exploitation.txt
(Probably riddled with errors so don't flame me horribly)

Then is it possible to insert php commands? I wrote in the paper it was based
off of theory but theory doesn't always cut the cheese. This isn't going
to be published until I correct the errors. Also would tcl,python, xml, other
have this same issue?

Thanks

- zenomorph

PS: be nice :)

.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]