CWE 2022, Description. "The software decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations." CWE (2022). "CWE-174: Double Decoding of the Same Data". cwe.mitre.org. 4.8. Retrieved 23 July 2022.
CWE 2022, Potential Mitigations. "Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180)." CWE (2022). "CWE-174: Double Decoding of the Same Data". cwe.mitre.org. 4.8. Retrieved 23 July 2022.
OWASP 2022, Description. "By using double encoding it’s possible to bypass security filters that only decode user input once." OWASP (2022). "Double Encoding". owasp.org. Retrieved 23 July 2022.
OWASP 2022, Description. "By using double encoding it’s possible to bypass security filters that only decode user input once. The second decoding process is executed by the backend platform or modules that properly handle encoded data, but don’t have the corresponding security checks in place." OWASP (2022). "Double Encoding". owasp.org. Retrieved 23 July 2022.
OWASP 2022, Description. "For example, ../ (dot-dot-slash) characters represent %2E%2E%2F in hexadecimal representation. When the % symbol is encoded again, its representation in hexadecimal code is %25. The result from the double encoding process ../ (dot-dot-slash) would be %252E%252E%252F" OWASP (2022). "Double Encoding". owasp.org. Retrieved 23 July 2022.
Prasad 2016, p. 11. "Double percent encoding is the same as percent encoding with a twist that each character is encoded twice instead of once." Prasad, Prakhar (2016). "Double encoding". Mastering Modern Web Penetration Testing. Packt Publishing. pp. 11–14. ISBN 978-1785284588.
Prasad 2016, p. 11. "So if I had to encode < using double encoding, I'll first encode it into its percent-encoded format, which is %3c and then again percent encode the % character. The result of this will be %253c." Prasad, Prakhar (2016). "Double encoding". Mastering Modern Web Penetration Testing. Packt Publishing. pp. 11–14. ISBN 978-1785284588.
Prasad 2016, p. 11. "This technique [double percent encoding] comes in pretty handy when attempting to evade filters which attempt to blacklist certain encoded characters" Prasad, Prakhar (2016). "Double encoding". Mastering Modern Web Penetration Testing. Packt Publishing. pp. 11–14. ISBN 978-1785284588.
PHP 2022, Notes. "Warning: The superglobals $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results." PHP (2022). "urldecode". php.net. Retrieved 23 July 2022.