[framework] Need help with UTF-16 URL encoding
Brian Caswell
bmc at shmoo.com
Sat Jul 21 07:23:05 CDT 2007
On Jul 21, 2007, at 3:56 AM, M.P.Sairam wrote:
> First thanks for the response, no actually i mean %xx%xx encoding.I
> think no web server support this type of encoding.
>
> In %uXXXX encoding used by IIS, which one of UTF-16LE or UTF-16BE
> is used?
Actually, IIS supports UTF16 sent via %xx%xx, for sending a single
widechar. It was used in one of the IIS directory traversal attacks
from many years ago.
%u doesn't actually use UTF16. It uses a codepage translation. The
codepage that metasploit uses are generated by the codepage generator
written by Dan Rolker for snort. Check out lib/rex/text.rb for how
the translation is done, and the codepage map which is lib/rex/
codepage.map
Brian
More information about the framework
mailing list