HttpUtility.UrlEncode

Today I was breaking a web app that build up some JS using querystring values that had been run through HttpUtility.UrlEncode. Since I was not 100% sure what leverage that got me I decided to dig deep and look through the disassembly of the function. Turns out you get a allot of characters to play with including….single quote (‘)!! Yay for me :)

Characters not encoded by UrlEncode:

‘
(
)
*
-
.
_
!

Like this:

Be the first to like this post.

~ by meddington on January 18, 2008.

Posted in Security

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Not published)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

phed.org