Metasploit mailing list archives
Need help with UTF-16 URL encoding
From: bmc at shmoo.com (Brian Caswell)
Date: Sat, 21 Jul 2007 08:23:05 -0400
On Jul 21, 2007, at 3:56 AM, M.P.Sairam wrote:
First thanks for the response, no actually i mean %xx%xx encoding.I think no web server support this type of encoding. In %uXXXX encoding used by IIS, which one of UTF-16LE or UTF-16BE is used?
Actually, IIS supports UTF16 sent via %xx%xx, for sending a single widechar. It was used in one of the IIS directory traversal attacks from many years ago. %u doesn't actually use UTF16. It uses a codepage translation. The codepage that metasploit uses are generated by the codepage generator written by Dan Rolker for snort. Check out lib/rex/text.rb for how the translation is done, and the codepage map which is lib/rex/ codepage.map Brian
Current thread:
- Need help with UTF-16 URL encoding M.P.Sairam (Jul 19)
- Need help with UTF-16 URL encoding H D Moore (Jul 19)
- Need help with UTF-16 URL encoding M.P.Sairam (Jul 21)
- Need help with UTF-16 URL encoding Brian Caswell (Jul 21)
- Need help with UTF-16 URL encoding H D Moore (Jul 21)
- Need help with UTF-16 URL encoding M.P.Sairam (Jul 21)
- Need help with UTF-16 URL encoding H D Moore (Jul 19)