[WEB SECURITY] Repository of site URL structures?

Robert A. robert at webappsec.org
Tue Jun 21 13:58:37 EDT 2011


> What are you trying to do Robert?  I've been amassing a list of URIs and
> IRIs for testing purposes, you can check it out here:

There have been multiple situations where I've needed examples of ! and ; 
as URL delimiters (which I've seen before but lack urls for), or @ within 
a URL (not in the context of user@domain.com auth). Or urls using commas 
such as http://site/foo?12,12,12 .

I am just looking for a central repository that I can point people to.

> https://github.com/cweb/iri-tests/blob/master/tests.xml
>
> Webkit also has a testing suite at
> http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/ Note: I'm in
> process of incorporating all of these tests into my test.xml above.

Cool, this is helpful, thanks.

> Everyone is definitely not following the RFC guidelines consistently.  I
> built a test harness that correlates the DOM parsing of these URIs with the
> HTTP request and the DNS queries.  The differences are dramatic in some
> cases.

So how come we haven't seen more advisories/bugs from you? Surely there 
are tons to be found :)

Thanks Chris,
- Robert
http://www.qasec.com/
http://www.webappsec.org/
http://www.cgisecurity.com/

>
> Thanks,
> -Chris
>
>
> -----Original Message-----
> From: websecurity-bounces at lists.webappsec.org
> [mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of Robert A.
> Sent: Tuesday, June 21, 2011 10:36 AM
> To: websecurity at lists.webappsec.org
> Subject: [WEB SECURITY] Repository of site URL structures?
>
> Hello everyone,
> Is anyone aware of a site that contains a list of funky url structures used
> by production sites? I am not looking for a reply telling me I should look
> at the RFC guidelines because not everyone may be following them.
>
> Regards,
> - Robert
> http://www.qasec.com/
> http://www.webappsec.org
> http://www.cgisecurity.com
>
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
>
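
Added example, not part of the original thread or of either poster's tooling: a small Python check of where the delimiters discussed above (; ! @ and commas) end up when the standard library parses them. The site.example URLs are constructed samples; http://site/foo?12,12,12 is the one quoted in the message.

```python
from urllib.parse import urlsplit, urlparse, parse_qs

# Constructed sample URLs (not from any real site), one per delimiter case.
SAMPLES = {
    "semicolon_last": "http://site.example/app/page;jsessionid=abc123?x=1",
    "semicolon_mid": "http://site.example/a;v=1/b",
    "bang": "http://site.example/store!cart!item/42",
    "at_in_path": "http://site.example/users/@alice/profile",
    "at_userinfo": "http://user@site.example/profile",
    "commas": "http://site/foo?12,12,12",
}


def classify(url):
    """Report which URL component each piece lands in for two stdlib parsers."""
    s = urlsplit(url)   # RFC 3986 style split: ';' stays inside the path
    p = urlparse(url)   # older style: ';params' peeled off the last segment
    return {
        "host": s.hostname,
        "userinfo": s.username,          # set only when '@' is in the authority
        "urlsplit_path": s.path,
        "urlparse_path": p.path,
        "params": p.params,
        "query": s.query,
        # A comma list has no '=', so the default parse_qs drops it entirely.
        "query_pairs_default": parse_qs(s.query),
        "query_pairs_keep_blank": parse_qs(s.query, keep_blank_values=True),
    }


def parsers_disagree(url):
    """True when urlsplit and urlparse see different paths for the same URL."""
    r = classify(url)
    return r["urlsplit_path"] != r["urlparse_path"]


if __name__ == "__main__":
    for name, url in SAMPLES.items():
        r = classify(url)
        print(f"{name}: {url}")
        for key, value in r.items():
            print(f"    {key:24} {value!r}")
        print(f"    {'parsers_disagree':24} {parsers_disagree(url)}")
```

Two components that route or filter on the path with different parsers will see different values for the semicolon_last sample, which is the kind of mismatch a shared corpus of such URLs helps catch.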



