„When building web applications, one thorny issue is URI escaping and unescaping. This is especially important when passing data between different systems or through multiple redirects. It’s possible to end up with double- or triple-escaped URIs, which the application might not handle correctly.

For example, if you pass „Los Angeles“ through escaping once, you get „Los%20Angeles“. Web applications expect this, so they decode their input. If there is a redirect in the path, however, you may end up with the double-escaped string „Los%2520Angeles“. Triple escaping looks like „Los%252520Angeles“. Obviously, you wouldn’t want to enter one of those into a database … or use it for output.“

ONLamp.com — A Canary Trap for URI Escaping
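
The escaping levels quoted above can be measured rather than guessed. The following is an added example, not code from the ONLamp article: it assumes a known canary string travels through the same redirects as the data, and the canary value and all function names are hypothetical. It also shows why decoding until the string stops changing is unsafe when the data legitimately contains a `%` sequence.

```python
from urllib.parse import quote, unquote

# Constructed canary (assumption): holds a space and a '%', so every
# extra round of escaping changes it in a way that can be counted.
CANARY = "canary %"

def escape_n(value, n):
    """Percent-escape value n times, as n hops that each re-escape would."""
    for _ in range(n):
        value = quote(value, safe="")
    return value

def escape_levels(received_canary, max_levels=5):
    """Return how many unescapes restore the canary, or None if none do."""
    value = received_canary
    for level in range(max_levels + 1):
        if value == CANARY:
            return level
        value = unquote(value)
    return None

def decode_with_canary(received_data, received_canary, max_levels=5):
    """Unescape the data exactly as many times as the canary was escaped."""
    levels = escape_levels(received_canary, max_levels)
    if levels is None:
        # Canary mangled or missing: refuse rather than guess a depth.
        raise ValueError("canary not recovered; rejecting input")
    for _ in range(levels):
        received_data = unquote(received_data)
    return levels, received_data

def decode_until_stable(received_data, max_levels=5):
    """Naive alternative: unescape until nothing changes (can over-decode)."""
    for _ in range(max_levels):
        decoded = unquote(received_data)
        if decoded == received_data:
            break
        received_data = decoded
    return received_data

if __name__ == "__main__":
    # Triple-escaped input from the quoted passage, with a matching canary.
    print(decode_with_canary("Los%252520Angeles", escape_n(CANARY, 3)))
    # Literal "%20" in the data, escaped once in transit.
    wire = escape_n("100%20off", 1)
    print(decode_with_canary(wire, escape_n(CANARY, 1)), decode_until_stable(wire))
```
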

