'how does URL encoding multiple escape-encoding at different layers cause problems
I was reading an article (https://help.sap.com/saphelp_nw73/helpdata/en/ce/1d3fc8da774366aa633a953f02a71a/content.htm?no_cache=true) which says:
The backslash \ can be described as "%5c" or the following permutations:
%255c
%%35c
%%35%63
%25%35%63
I don't quite get, for example,
%%35c, how does %%3 get multi encoded to % so it can be combined with 5c to form %5c?
Solution 1:[1]
Best explanation I can think of is if there's multiple layers in an application that each 'url decode' the string as it passes through.
Definitely not impossible for this to happen, for example, sometimes a URL is encoded in a URL:
http://example1.com/?redirect-to=http%3A%2F%2Fexample1.com%2F
In these kinds of scenarios an encoded \ in the second url would be double-encoded.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Evert |