![]() Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. This is often referred as escaped ending or percent-encoding. For instance US-ASCII space character would be represented with %20. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). A URL may contain special character that need special syntax handling in order to be interpreted. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. Boxes can be used to display things like location info, store hours, pictures, ads, etc.This attack targets the encoding of the URL combined with the encoding of the slash characters. You can add and remove as many boxes as you want.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |