Professional Documents
Culture Documents
Bad Characters
Bad Characters
Vivek
Ramachandran
SWSE,
SMFE,
SPSE,
SISE,
SLAE,
SGDE
Course
Instructor
Cer'fica'ons:
hNp://www.securitytube-‐training.com
Pentester
Academy:
hNp://www.PentesterAcademy.com
©SecurityTube.net
Bad
Characters
©SecurityTube.net
Bad
Characters
• Input
Delimiters
– e.g.
0x00
for
a
string
– e.g.
0x0a
0x0d
for
HTTP
Header
fields
©SecurityTube.net
Why
should
this
bother
us?
©SecurityTube.net
Generic
Bad
Character
Program
©SecurityTube.net
Pentester
Academy
©SecurityTube.net