Re: Why is "oN%3d" so dangerous?

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 10/01/04

  • Next message: Nicole Calinoiu: "Re: Why is "oN%3d" so dangerous?" 
    Date: Fri, 1 Oct 2004 10:09:41 -0500

    I've wondered about this too. It seems you can't put straight base64 text
    on a query string because it needs to be encoded. However, you sometimes
    run into funny encoding issues.

    One thing that I'm pretty sure you can do with impunity is hex-encode your
    binary encrypted data and then just put the hex string string on the query
    string. .NET doesn't seem to have helpful hex-encoding functions like the
    Base64 functions, but it isn't hard to write your own.

    Sorry I didn't answer your actual question. I have no idea on that part.

    Joe K.

    "Mike Kozlowski" <mlk@klio.org> wrote in message
    news:cjjne3$7f5$1@reader1.panix.com...
    > In an ASP.NET 1.1 application, I'm encrypting URL parameters. This
    > has mostly been working great, but yesterday, one particular URL got
    > caught by the XSS checker, giving me the "A potentially dangerous
    > Request.QueryString value was detected from the client". Several
    > questions arise from this:
    >
    > 1. By reducing the querystring down as much as possible, I've found
    > that the offending characters are "oN%3d" -- removing the o, the
    > N, or the %3d, will all result in the string being okay; but
    > leaving all of them together like that triggers the validator.
    > Why? This is completely inexplicable to me.
    >
    > 2. What on earth can I do to avoid this? I'm already URL-encoding
    > (that %3d, obviously, was an '=' character), and HTML-encoding
    > doesn't seem like it'd have any effect on that string. I'd really
    > like to be able to pass random strings around without seemingly
    > innocuous characters triggering hard-fail validations.
    >
    > Advice? Explanation?
    >
    > --
    > Mike Kozlowski
    > http://www.klio.org/mlk/
    >

  • Next message: Nicole Calinoiu: "Re: Why is "oN%3d" so dangerous?"

    Relevant Pages

    • Re: [PHP-CHECKER] 99 potential SQL injection vulnerabilities
      ... > vulnerabilities by inspecting strings echo'ed back as HTML output. ... > in a potentially exploitable SQL injection vulnerability. ... > query string at line 42. ... > injection into query string at Line 205. ...
      (Bugtraq)
    • Re: A_Modest_1_bit_Proposal_about_Quotification_-_making_the_Default_Easy
      ... providing a nicely formed string like "John Doe", ... where the query string is composed, ... connect to the database. ... the trailing DROP would just fail as useridB does not own the table. ...
      (comp.arch)
    • Re: Search from asxp page not working
      ... have a question about the query string and finding parts of filename. ... Microsoft Online Community Support ...
      (microsoft.public.inetserver.indexserver)
    • Re: Error in query referring to Combo Box
      ... Your query string is suspect. ... rsSturID.Open "SELECT tblSturg.SturgID FROM tblSturg WHERE ... Personnally, I assign the query string to a variable, so I can examine it ... Dim rsSturID As ADODB.Recordset ...
      (microsoft.public.access.modulesdaovba)
    • Re: Renaming tables
      ... If you build the query string in code and execute the query string you should have little problem ... If you need more help you need to tell us what the two queries you run do. ... I run the 2 queries, delete the table Infile and then rename the next table Infile, run my 2 queries, delete and rename the table, etc. ...
      (microsoft.public.access.modulesdaovba)