[HACK] Passwords in the clear at MARCA DIGITAL

J.A. Gutierrez spd at gtc1.cps.unizar.es
Wed Aug 29 11:32:50 CEST 2001


> SRC="/cgi-bin/mimarca.cgi?%6F%70%63%69%6F%6E%3D%33%26%75%73%75%61%72%69%6F%3
> D%6A%65%73%75%6C%69%6E%26%63%6C%61%76%65%3D%6E%6F%6C%61%73%61%62%65%73"
> 
> A simple UniCode to ASCII converter transforms the two strings into:

http://cert.uni-stuttgart.de/archive/bugtraq/2001/05/msg00289.html

'%' (URL) Encoding is *not* unicode encoding - unicode is a multibyte
character set, which uses binary values outside the 32-127 range of
printable ASCII. When unicode characters are used in URLs, they are
usually/often expressed in 'utf-8' encoding, which uses a short sequence
of binary values to encode a full unicode character. Many of the values
used in utf-8 encoding of unicode are illegal in URLs without using
'URL encoding' (% escaping), but not all % escaped characters represent
either utf-8 or unicode...


-- 
finger spd at gtc1.cps.unizar.es for PGP       /              So be easy and free
.mailcap tip of the day:                   /      when you're drinking with me
application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day
text/x-vcard; cat '%s' > /dev/null       /            (the pogues)
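
Added example (not part of the original message or the quoted Bugtraq post): the distinction drawn above, shown by undoing '%' escaping to raw bytes first and only then deciding whether those bytes are plain ASCII, UTF-8, or neither. The sample strings and function names are constructed for illustration; the first sample also shows that a fully escaped query string is recovered with no key at all.

```python
import re

# Constructed sample inputs (assumptions for this example, not from the message).
SAMPLES = {
    "ascii_only": "%75%73%65%72%3D%61%6C%69%63%65",  # every byte in 32-127
    "utf8_multibyte": "caf%C3%A9%20%E2%82%AC",       # e-acute and euro sign in UTF-8
    "not_utf8": "caf%E9",                            # lone 0xE9 (Latin-1 e-acute)
}

_ESCAPE = re.compile(rb"%([0-9A-Fa-f]{2})")


def percent_decode(s: str) -> bytes:
    """Undo '%XX' escaping only. The result is raw bytes, not yet text."""
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), s.encode("ascii"))


def classify(s: str) -> tuple:
    """Return (kind, text): what the escaped bytes represent and how they read."""
    raw = percent_decode(s)
    # The 32-127 range is the one the quoted post uses for printable ASCII.
    if all(32 <= b <= 127 for b in raw):
        return "ascii", raw.decode("ascii")
    try:
        # Multibyte sequences are only meaningful if they form valid UTF-8.
        return "utf-8", raw.decode("utf-8")
    except UnicodeDecodeError:
        # Valid % escaping, but the bytes are not UTF-8: keep them visible.
        return "bytes", raw.decode("ascii", errors="backslashreplace")


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        kind, text = classify(value)
        print(f"{name:15} {kind:6} {text}")
```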


