2 Replies - 1166 Views - Last Post: 15 July 2014 - 03:38 AM Rate Topic: -----

#1 November-06  Icon User is offline

  • D.I.C Regular

Reputation: 46
  • View blog
  • Posts: 396
  • Joined: 04-January 11

Read URLEncoded QueryString

Posted 10 July 2014 - 01:46 AM

I am passing a URLEncoded value of a cookie to a page via the querystring. Deliberately, I am creating a vulnerable page.

Now, the string being passed has a combination of an equal sign displayed as is (=) to say that the name=value and another equal sign displayed as %3d since I am using URLEncode for the cookie name and value.

My problem is that when I use Request.QueryString["qsname"], both equal signs are just read as =. I want it to still read the %3d.

I can't URLEncode it again since that would overwrite those strings that should be displayed as =.

Below is the querystring to give you a clearer idea. You'll notice the %3d%3d= in the first line. I want it to be read as is but instead, it is being read as ===

?qsname=cookiename=%2fr0y%2b3Cv580EYqqYHDQ6UA%3d%3d=r7Zkw2FBwj7IWiAtw5bpfg%3d%3d|rO%2bVTC5VFRxWJQa8vgf3rA%3d%3d=cr46%2f9yLJqRN88OPd%2fQ6kkSDRdFaEGUT|gB6vZGdvWgBIc8QaBk3GPg%3d%3d=WcXN4VDHBMGY27HXci%2b9cReHWv06fbK8II6FHN1yC9E%3d|%2bNJWyiGk7Tn40izJTDgBPQ%3d%3d=c5fVBkCQLlPbgk%2fXju36wB%2foqtoKmgP0C7lxVtt0T394FjKrjMfAug%3d%3d

Is This A Good Question/Topic? 0
  • +

Replies To: Read URLEncoded QueryString

#2 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 4337
  • View blog
  • Posts: 12,137
  • Joined: 18-April 07

Re: Read URLEncoded QueryString

Posted 11 July 2014 - 10:02 AM

I get what you are asking, but I have to ask why in the world are you trying to do this? Append the value to cookiename, url encode the entire string and then append it to qsname. I am assuming that %3d%3d= are all part of the same value right? If so, then all should be encoded. I don't see why you need to have some encoded and some not when they are all part of the same cookie value. If you are using '=' as a separator, choose another.

Usually when you have to fight the system like this, it is a red flag that perhaps you are doing it wrong. ;)
Was This Post Helpful? 0
  • +
  • -

#3 November-06  Icon User is offline

  • D.I.C Regular

Reputation: 46
  • View blog
  • Posts: 396
  • Joined: 04-January 11

Re: Read URLEncoded QueryString

Posted 15 July 2014 - 03:38 AM

I am encoding a cookie.

So if I have a cookie like this...

 HttpCookie cookie = new HttpCookie("test_cookie");
 cookie["name1"] = "value1";
 cookie["name2"] = "value2";



When I encrypt the cookie value, it only encrypts the name and the value. As a result, there is still an equal that separated the cookie name and value.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1