The attacker utilizes a repeating of the encoding process for a set of
						characters (that is, character encoding a character encoding of a character)
						to obfuscate the payload of a particular request. The may allow the attacker
						to bypass filters that attempt to detect illegal characters or strings, such
						as might be used in traversal or injection attacks. Filters may be able to
						catch illegal encoded strings but may not catch doubly encoded strings. For
						example, a dot (.), often used in path traversal attacks and therefore often
						blocked by filters, could be URL encoded as %2E. However, many filters
						recognize this encoding and would still block the request. In a double
						encoding, the % in the above URL encoding would be encoded again as %25,
						resulting in %252E which some filters might not catch, but which could still
						be interpreted as a dot (.) by interpreters on the target.