Difference between revisions of "Unicode Encoding"
Revision as of 12:13, 26 May 2009
- This is an Attack. To view all attacks, please see the Attack Category page.
Last revision (mm/dd/yy): 05/26/2009
Description
The attack aims to exploit flaws in the decoding mechanism that applications implement when decoding Unicode-encoded data. An attacker can use this technique to encode certain characters in the URL to bypass application filters, thereby accessing restricted resources on the web server or forcing browsing to protected pages.
Examples
Consider a web application which has restricted directories or files (e.g. a file containing application usernames: appusers.txt). An attacker can encode the character sequence "../" (Path Traversal Attack) using Unicode format and attempt to access the protected resource, as follows:
Original Path Traversal attack URL (without Unicode Encoding):
http://vulneapplication/../../appusers.txt
Path Traversal attack URL with Unicode Encoding:
http://vulneapplication/%C0AE%C0AE%C0AF%C0AE%C0AE%C0AFappusers.txt
The Unicode-encoded URL above will produce the same result as the first URL (Path Traversal Attack). However, if the application has an input security filter mechanism, it could refuse any request containing the "../" sequence, thus blocking the attack. If this mechanism does not take character encoding into account, the attacker can bypass it and access the protected resource.
Other consequences of this type of attack are privilege escalation, arbitrary code execution, data modification, and denial of service.
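As an added example (not part of the OWASP page), the following Python contrasts the two orderings the text describes: a filter that looks for "../" on the still-encoded path and then hands the request to a lenient decoder, beside one that decodes strictly, canonicalises and confines the path first. It percent-encodes each byte of the overlong sequence separately (%C0%AE for '.', %C0%AF for '/'), which is how a URL decoder consumes it; the lenient decoder, the web root and the request paths are constructed for illustration.

```python
"""Filter-before-decode vs. strict-decode-then-canonicalise (added example)."""
from typing import Optional
from urllib.parse import unquote_to_bytes
import posixpath

# Constructed request paths, not captured traffic. The overlong UTF-8 bytes
# C0 AE and C0 AF are non-shortest encodings of '.' and '/', percent-encoded
# one byte at a time (%C0%AE) as a URL decoder consumes them.
PLAIN_TRAVERSAL = "/../../appusers.txt"
OVERLONG_TRAVERSAL = "/%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AFappusers.txt"
BENIGN = "/docs/readme.txt"
WEBROOT = "/srv/www"  # hypothetical document root


def lenient_decode(data: bytes) -> str:
    """Models a permissive decoder that accepts 2-byte overlong forms:
    C0/C1 followed by a continuation byte yields a 7-bit code point."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b in (0xC0, 0xC1) and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))  # other bytes passed through as Latin-1
            i += 1
    return "".join(out)


def naive_open_target(path: str) -> Optional[str]:
    """Vulnerable pattern: the '../' check runs on the still-encoded path, and
    only afterwards does a lenient decoder produce the real filename.
    Returns the name that would be opened, or None if the filter blocked it."""
    if "../" in path:
        return None
    return lenient_decode(unquote_to_bytes(path))


def hardened_resolve(path: str, webroot: str = WEBROOT) -> Optional[str]:
    """Decode strictly (Python's UTF-8 codec rejects overlong sequences),
    normalise, then confine the result to the web root."""
    try:
        decoded = unquote_to_bytes(path).decode("utf-8")
    except UnicodeDecodeError:
        return None  # malformed or overlong UTF-8: reject the request
    full = posixpath.normpath(posixpath.join(webroot, decoded.lstrip("/")))
    if full != webroot and not full.startswith(webroot + "/"):
        return None  # escaped the document root
    return full
```

The naive filter lets the overlong request through and the lenient decoder turns it into "/../../appusers.txt", while the hardened resolver rejects both the plain and the overlong traversal and serves only paths that stay under the web root.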
Related Threat Agents
Related Attacks
Related Vulnerabilities
Related Controls
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884 - CVE-2000-0884
- http://capec.mitre.org/data/definitions/71.html - Using Unicode Encoding to Bypass Validation Logic
- http://www.microsoft.com/technet/security/bulletin/MS00-078.mspx - Patch Available for 'Web Server Folder Traversal' Vulnerability
- http://www.kb.cert.org/vuls/id/739224 - HTTP content scanning systems full-width/half-width Unicode encoding bypass
- http://www.cgisecurity.com/lib/URLEmbeddedAttacks.html - URL encoded attacks, by Gunter Ollmann