CompTIA Security+ Exam Notes

CompTIA Security+ Exam Notes
Let Us Help You Pass

Tuesday, April 9, 2024

Percent Encoding and the Attacks they are Associated

 PERCENT ENCODING


Character            Percent Encoding        Attack
space                   %20                              SQLi
'                            %27                              SQLi
Examples: 
%27%20or%20%27
'%20or%20"


.                            %2E                            Directory Traversal
/                            %2F                            Directory Traversal
Examples:
%2E%2E%2F%2E%2E%2F
..%2E..%2E
..2F..2F

<                           %3C                           XSS (Cross-site Scripting)
>                           %3E                           XSS (Cross-site Scripting)
<script>
Also, look for .js at the end of a URL
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)