[WEB SECURITY] Repository of site URL structures?
websec10 at sic-sec.org
Wed Jun 22 16:02:17 EDT 2011
> Just noticed that you might be missing the test where you have a
> param: http://www.w3af.com/foo/bar?spam;eggs=1 (eggs=1) is the
Not sure what your question is here, but according to RFC1738 you have a
"searchpart" (aka query string) which is in your example
For those tools/frameworks/whatever which believe that a query string
consists of key=value pairs which must be separated by & the key here
and the value
The ; in the path of a URL is the delimiter for parameters, it should
not be a special character in the searchpart. Example:
Therefore you have to URL-encode ; in the path, 'cause it separates path
from parameters, but it's not necessary in the searchpart.
All RFCs are vague about URL-encoding of special characters like / ; = | @
IIRC the same applies to |, but I haven't seen examples of that for
a very long time (maybe back when Netscape servers dominated the Internet :)
Sorry for being a bit off-topic, but hope it helps. At least Robert's
examples with the ; behind the FQDN are subject to it too, somehow.
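
Added example, not part of the original message: a short Python sketch of the two readings discussed above, applied to the URL quoted in the thread, so a scanner author can see where its parser and the server's may disagree on parameter names. The function names and the second sample URL are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

def path_segments(url):
    """Return [(segment, [params])]; an unencoded ';' in a segment starts a parameter."""
    out = []
    for raw in urlsplit(url).path.split("/")[1:]:
        name, *params = raw.split(";")            # %3B is not split, only a literal ;
        out.append((unquote(name), [unquote(p) for p in params]))
    return out

def query_pairs(url, separators="&"):
    """Split the searchpart into (key, value) pairs on the given separator characters."""
    query = urlsplit(url).query
    pairs = []
    for field in re.split("[" + re.escape(separators) + "]", query):
        if field:
            key, _, value = field.partition("=")
            pairs.append((unquote(key), unquote(value)))
    return pairs

PAGE_URL = "http://www.w3af.com/foo/bar?spam;eggs=1"       # URL quoted in the thread
CONSTRUCTED = "http://example.test/foo;v=1/bar%3Bbaz?q=1"  # constructed sample

if __name__ == "__main__":
    # A parser that only splits on & sees a single parameter.
    print(query_pairs(PAGE_URL))
    # A parser that also treats ; as a separator sees two.
    print(query_pairs(PAGE_URL, "&;"))
    # In the path, a literal ; separates a segment from its parameters,
    # while an encoded %3B stays part of the segment name.
    print(path_segments(CONSTRUCTED))
```

If the scanner and the target application use different separator sets, the scanner may test a parameter name the application never sees, so both readings are worth covering in test generation.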