Nonstandard query string markers and field separators in a web application

0 votes

In some of the websites I have seen that the parameters aren't being passed in the url qeury string in a typical manner as below.

www.abc.com/xyz?foo=bar

But they are being passed in a different way:

www.abc.com/xyz;foo=bar

My question is: Should I consider these as entry points or neglect them?

Aug 22, 2019 in Cyber Security & Ethical Hacking by Karan
 833 views

1 answer to this question.

0 votes

You should definitely consider them as entry points. The url query string mentioned in the question

www.abc.com/xyz;foo=bar

is just a custom scheme for requests but the purpose is the same. Some other example of customized schemas are:

www.abc.com/xyz;foo%3dbar
www.abc.com/xyz?param=foo:bar

To know more join our Ethical Hacking Course Online today.

answered Aug 22, 2019 by Likith

Related Questions In Cyber Security & Ethical Hacking

0 votes
1 answer

How to modify hidden content in a web page?

You can save the source code as ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Emilia
 824 views
0 votes
1 answer

Can anyone assist with a novel problem for this generic topic 'Cybersecurity issues and solutions for Big Data systems in healthcare

Not a problem! I can suggest a ...READ MORE

answered Apr 19, 2023 in Cyber Security & Ethical Hacking by Edureka
 • 12,690 points 440 views
0 votes
0 answers

How can PHP be used to create a secure web application to prevent SQL injection?

Oct 11 in Cyber Security & Ethical Hacking by Anupam
• 3,890 points 61 views
0 votes
0 answers

What is the role of DNSSEC in footprinting, and how can I query it programmatically?

Oct 11 in Cyber Security & Ethical Hacking by Anupam
• 3,890 points 97 views
–1 vote
1 answer

Out-of-band channels for entry points in web application hacking

The out-of-band channels for entry depends on ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Daniel
 958 views
0 votes
1 answer

Find web application technology using directory names found during fingerprinting

You can find the technology using recon ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Rachek
 598 views
0 votes
1 answer

Is it possible to find technolgy name of a web application using session tokens?

If the web application uses web servers that ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Kumar
edited Oct 7, 2021 by Sarfaraz 766 views
0 votes
1 answer

Why do some webserver send immutable data to client and get it back to the server?

The main reason for this behavior is ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Gemini
 650 views
0 votes
1 answer

How to identify Entry points for user input in a web application?

Following are the key entry points for ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Raman
 2,111 views
0 votes
1 answer

Finding platform or programming language used in web application by file extension

Yes. It is possible to understand the ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Will
 980 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.