Hello there,
Recently I had a company reach out to me because it couldn't reproduce the vulnerability correctly. I later found out that the URL-encoded '%2B' was decoded to '+' and then it wouldn't work, since the application translates the '+' as a space. Perhaps we could have an option to not decode URL-encoded characters.
I don't know if I made myself clear, but since the company hasn't patched the vuln yet I can't post the payload here.
Thanks
[SUGGESTION] Plus Sign on URLs
Re: [SUGGESTION] Plus Sign on URLs
provide report id
Pedro_SEC_R wrote: ↑Wed Sep 06, 2017 4:53 pm
Hello there,
Recently I had a company reach out to me because it couldn't reproduce the vulnerability correctly. I later found out that the URL-encoded '%2B' was decoded to '+' and then it wouldn't work, since the application translates the '+' as a space. Perhaps we could have an option to not decode URL-encoded characters.
I don't know if I made myself clear, but since the company hasn't patched the vuln yet I can't post the payload here.
Thanks
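Added example, not part of either post above: a small check a triager or reporter could run to see whether a URL stops reproducing once it has been percent-decoded for display, as with the '%2B' case described in the thread. The viewer behaviour (one full decode before display), the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit


def display_form(url):
    # Assumed viewer behaviour: percent-decode the whole URL once for display.
    return unquote(url)


def query_pairs(url):
    # Form-style parsing, as many web applications do: %XX is decoded
    # and a literal '+' in the query string is read as a space.
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def lossy_params(url):
    """List parameters that change when the URL is copied from its decoded form.

    Returns (name, value_sent, value_after_copy) tuples. A name of None means
    the decoded form no longer splits into the same number of parameters.
    """
    sent = query_pairs(url)
    copied = query_pairs(display_form(url))
    if len(sent) != len(copied):
        return [(None, sent, copied)]
    return [
        (name, value, copied_value)
        for (name, value), (copied_name, copied_value) in zip(sent, copied)
        if (name, value) != (copied_name, copied_value)
    ]


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any report.
    samples = (
        "https://app.example.test/search?q=a%2Bb&page=1",
        "https://app.example.test/search?q=a%20b",
        "https://app.example.test/search?q=a%26b=c",
    )
    for sample in samples:
        print(sample, "->", lossy_params(sample) or "round-trips cleanly")
```

Any URL this flags should be quoted in the report exactly as sent, in a code block or raw request, rather than as a clickable link.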