3

I've searched very hard to find any information about my issue but so far no luck, hence this thread.

My problem is that URL parameters that get submitted by users get changed to seemingly gibberish strings.

  • Correct URL: /password/edit?reset_password_token=yGJuB5yYzbsQxsSJ4ZHr&token

  • What hits my server: /password/edit?erfrg_cnffjbeq_gbxra=yGJuB5yYzbsQxsSJ4ZHr&gbxra=

There is some pattern to this since the word token shows up twice and is transformed into gbxra every time.

What's more interesting is that it happens very rarely and most requests look good and work well.

The presented link is sent to users via email so I was suspecting that maybe some mailing client is causing it but I was not able to track it down so far.

It happens regardless of browser (latest Chrome/Firefox/IE11) and operating system (Windows 10/Linux/MacOS).

Have you ever encountered a situation like that and do you know what might be the culprit?

Kamil Kula
  • 31
  • 3

1 Answers1

0

I don't know why this happens but I have a hint for you to maybe track it down. The gibberish stems from a rot13 "encryption" (see for example: https://rot13.com/ or https://en.wikipedia.org/wiki/ROT13).

This is not a real cipher though. Mostly it is used to prevent some text to be readable at first glance. For example in a quiz the correct answer may be given in rot13 encoding, so you can easily check your answer without being spoiled beforehand.

Maybe there are any URL rewrite rules in place on your server?

user229044
  • 232,980
  • 40
  • 330
  • 338
Antares
  • 605
  • 3
  • 14