LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What problem occurs when the same data is sent to multiple systems that interpret it differently?

If two systems read the same bytes differently ("unequal interpretation"), an attacker can craft input that looks harmless to the checker but malicious to the executor — slipping past controls.

A source system sends the same payload to System 1 (checker — reads it as data) and System 2 (executor — reads it as code); an "unequal interpretation" callout.

* Unequal interpretation — the same payload is read as data by the checker but as code by the executor, so validate where you act. *

The danger is a gap between the system that validates and the system that acts. If your security check parses the data one way and the downstream component parses it another way, the check is inspecting something different from what actually runs:

Scenario:

System ---sends same data---> System 1 (interprets one way)
                         \---> System 2 (interprets differently!)
                              = UNEQUAL INTERPRETATION!!!

Security implications:

  • Attacker crafts data valid for System 1's interpretation
  • Same data has malicious meaning for System 2
  • Systems are in inconsistent state
  • May bypass security controls that only check one interpretation

Example: URL encoding - web server and application may parse URLs differently.

From Quiz: SPRG / Security Review | Updated: Jun 20, 2026