Definition: URL encoding (application/form-url-encoded): A problem exists when people need to send binary data as part of a URL. Therefore, URLs include the ability to "encode" binary information as part of the text field.

Key point: This encoding mechanism can be used to alter the signature of a hacker attack via web-based protocols. Such encoding can be used to evade detection by lightweight intrusion detection systems that are unable to "normalize" the URL.

Example: Microsoft's web server had a bug in its handling of ASP server-side scripts such that a hacker could append a dot to the end of the URL in order to read the script contents rather than executing the script. Microsoft created a patch, but hackers soon found they could evade the patch by URL-encoding the dot (appending %2E to the end of the script name rather than a dot).

Examples:
http://www.robertgraham.com/sample.asp - Normal URL.
http://www.robertgraham.com/sample.asp. - Attempt to read the script rather than executing it.
http://www.robertgraham.com/sample.asp%2E - URL-encoding in order to evade the patch.
http://www.robertgraham.com/sample.%61sp%2E - Further URL-encoding in order to evade intrusion detection systems.

From Hacking-Lexicon
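To show why an IDS must normalize before matching, here is an added Python example (not from the Hacking-Lexicon) that runs one "trailing dot on an .asp request" signature over the four URLs above, once against the raw URL and once after percent-decoding the path; the sample URL list is constructed from the entry and the signature pattern is assumed.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample requests, taken from the four URLs in the lexicon entry.
SAMPLE_URLS = [
    "http://www.robertgraham.com/sample.asp",       # normal request
    "http://www.robertgraham.com/sample.asp.",      # trailing dot: read source
    "http://www.robertgraham.com/sample.asp%2E",    # %2E hides the dot
    "http://www.robertgraham.com/sample.%61sp%2E",  # %61 ('a') also hides ".asp"
]

# Assumed signature: a request for an ASP script whose name ends in a dot.
SIGNATURE = re.compile(r"\.asp\.$", re.IGNORECASE)


def naive_match(url: str) -> bool:
    """Lightweight check: pattern-match the raw path without decoding it."""
    return bool(SIGNATURE.search(urlsplit(url).path))


def normalize_path(url: str) -> str:
    """Canonical path for signature matching: percent-decode the path once,
    so sample.asp%2E and sample.%61sp%2E both become sample.asp. (decoding
    once mirrors what the web server itself does with the request)."""
    return unquote(urlsplit(url).path)


def normalized_match(url: str) -> bool:
    """Same signature, applied after normalization."""
    return bool(SIGNATURE.search(normalize_path(url)))


def compare(urls):
    """Return {url: (naive_hit, normalized_hit)} for a list of request URLs."""
    return {u: (naive_match(u), normalized_match(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, norm) in compare(SAMPLE_URLS).items():
        print(f"{url:46} naive={naive!s:5} normalized={norm}")
```

The naive matcher fires only on the literal-dot variant; after normalization the signature catches both encoded variants as well, while the normal request still passes.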

