Nonstandard query string markers and field separators in a web application

0 votes

In some of the websites I have seen that the parameters aren't being passed in the url qeury string in a typical manner as below.

www.abc.com/xyz?foo=bar

But they are being passed in a different way:

www.abc.com/xyz;foo=bar

My question is: Should I consider these as entry points or neglect them?

Aug 22 in Cyber Security & Ethical Hacking by Karan
20 views

1 answer to this question.

0 votes

You should definitely consider them as entry points. The url query string mentioned in the question

www.abc.com/xyz;foo=bar

is just a custom scheme for requests but the purpose is the same. Some other example of customized schemas are:

www.abc.com/xyz;foo%3dbar
www.abc.com/xyz?param=foo:bar
answered Aug 22 by Likith

Related Questions In Cyber Security & Ethical Hacking

0 votes
1 answer
0 votes
1 answer
0 votes
0 answers
0 votes
1 answer