Double Encoding Attacks: How Attackers Bypass Security Filters
Double encoding encodes data twice to bypass filters that only decode once. Learn how %2526 becomes % after one decode and & after two, and how to defend against it.
Published:
Tags: security, encoding, attacks
Double Encoding Attacks: How Attackers Bypass Security Filters Security filters that operate on encoded input are vulnerable to a class of attack where the attacker encodes malicious content twice. The filter decodes once, sees what appears to be safe encoded content, and passes it through. The application then decodes again, ending up with the malicious payload. Double encoding attacks are not a theoretical curiosity. They have been used against web application firewalls, IDS systems, URL filters, path traversal defenses, and XSS filters. This article explains the mechanics and shows you how to build systems that are not susceptible. URL Double Encoding: Bypassing Path Traversal Filters The Attack Mechanics Path traversal attempts use to navigate up the directory tree: A security filter…
All articles · theproductguy.in