Well if I'm not mistaken the %2e is the . and the %2f is the / character. It seems they might be trying to do dos equivalent ../ type to go through the directories. I have no idea though ;)

Mac
It's a sunday night, have to go to bed soon, can't really rely on me right now ;)

Yes,
Macrost is right. The %xx is the urlencoded version of . and / which translates to ../../../../../etc/passwd.

This is a typical type of path attack.

You should *always* filter the hell out of data coming into your app.

Learn regular expressions and parse for the specific data you are expecting.
Quadrupally so when dealing with filehandles.

--flashback

$k= "0802020501020401054a2b020154212d01050c030d5230150d064c28190208060d"; 
@r=unpack('C*', pack('H*',$k)); for (1..shift(@r)){$n[$q+= shift(@r)]=1;} 
for(@r){if($n[$t]){$_=-$_};$t++;print chr($o+=$_);}#sig-relation.04.20.02