What are these strange (URL-Encoded) characters doing in your code?

Overview[edit]

Attackers sometimes hide code away from prying eyes by URL Encoding it.

The purpose of URL Encoding is to allow non-URL compatible characters to be passed via the URL. There are many legitimate reasons for doing this, such as hiding email from spammers, dealing with spaces in file names. etc.

However, if you find odd, URL-encoded text in your site's files, you should investigate immediately. URL encoded text is very easy to translate using PHP, javascript, or one of the many free, online translators.

Here are some trivial, non-functioning examples of URL Encoded text:

Original	URL Encoded
this line has spaces	this%20line%20has%20spaces
eval(evil_script(http://www.evilsite/?evilscript.pl"));	%65val%28%65%76il_%73cri%70t %28%68tt%70%3A//%77%77%77.%65%76il%73ite/%3F%65%76il%73 cript.%70l%22%29%29%3B

Resources

What are these strange (URL-Encoded) characters doing in your code?

From Joomla! Documentation

Revision as of 16:06, 17 October 2012 by Tom Hutchison (talk | contribs) (eliminate repeating the title and table markup into wikitable markup)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Overview[edit]

What are these strange (URL-Encoded) characters doing in your code?

From Joomla! Documentation

Revision as of 16:06, 17 October 2012 by Tom Hutchison (talk | contribs) (eliminate repeating the title and table markup into wikitable markup)(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Overview[edit]

Revision as of 16:06, 17 October 2012 by Tom Hutchison (talk | contribs) (eliminate repeating the title and table markup into wikitable markup)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)