CAPEC-72 : URL Encoding
This attack targets the encoding of the URL. An adversary can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL.
https://capec.mitre.org/data/definitions/72.html
Related CWE definitions
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
The product allows user input to control or influence paths or file names that are used in filesystem operations.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
The product does not properly encode or decode the data, resulting in unexpected values.
The product does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.
The product does not properly handle when all or part of an input has been URL encoded.
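One way to handle URL-encoded input against the weaknesses listed above, shown as an added example that is not part of the CAPEC or CWE text: decode the raw path exactly once, reject anything still encoded or not valid UTF-8, and validate the decoded form that will actually be used. The names BASE, canonical_path and check are hypothetical, and rejecting every doubly encoded path is an assumed policy.

```python
import posixpath
import re
from urllib.parse import unquote_to_bytes

BASE = "/srv/static"                      # hypothetical document root
PCT = re.compile(r"%[0-9A-Fa-f]{2}")      # one well-formed percent-escape


def canonical_path(raw: str) -> str:
    """Decode a raw request path exactly once and validate the decoded form.

    Raises ValueError with a short reason when the path is rejected.
    """
    if not raw.isascii() or "%" in PCT.sub("", raw):
        raise ValueError("malformed escape or non-ASCII in raw path")
    try:
        # Strict UTF-8 refuses overlong forms such as C0 AF for "/".
        decoded = unquote_to_bytes(raw).decode("utf-8")
    except UnicodeDecodeError:
        raise ValueError("invalid UTF-8 after decoding") from None
    if PCT.search(decoded):
        # A second layer of encoding would be decoded by something downstream.
        raise ValueError("double encoding")
    if "\\" in decoded or any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        raise ValueError("backslash or control character")
    # Validate the same string that will be used, after dot-segment removal.
    full = posixpath.normpath(posixpath.join(BASE, decoded.lstrip("/")))
    if full != BASE and not full.startswith(BASE + "/"):
        raise ValueError("escapes document root")
    return full


def check(raw: str):
    """Return (True, path) or (False, reason) for one raw path."""
    try:
        return True, canonical_path(raw)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    for sample in ["/img/logo%20v2.png", "/%2e%2e/%2e%2e/etc/passwd",
                   "/%252e%252e/etc/passwd", "/..%c0%af../x", "/a%00.png", "/a%zz"]:
        print(f"{sample!r:32} -> {check(sample)}")
```

The ordering is the point: every check runs on the decoded, normalised string, so a filter and the filesystem never see two different interpretations of the same input.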
Please note that CAPEC definitions are provided as a quick reference only.
Visit http://capec.mitre.org/ for a complete list of CAPEC entries and more information.