Very cool talk. I had never heard of secondary context.
Sometimes ; (semicolon) can be useful. If the frontend web server doesn't interpret path parameters but the secondary one does, you can request /path/..;/ . Browsers and the front-end web server won't try to normalize the URL, but the second server will treat ..;/ as ../
Yup, I've used this trick a fair bit before! It especially works well on servers with Tomcat on the backend, as Tomcat interprets path parameters.
💙💙💙
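The parser mismatch discussed in the comments above can be checked for on the defensive side. This is an added example, not part of the original thread and not Tomcat's or any proxy's actual code: it models a front end that treats ; as an ordinary character and a backend that strips ;params from each segment before resolving dot segments. The function names, the /path prefix and the sample paths are constructed for illustration, and percent-encoding is not handled.

```python
def _resolve(segments):
    """Resolve '.' and '..' segments the way a path normalizer would."""
    out = []
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)

def frontend_view(path):
    # Assumed front end: ';' has no special meaning, so '..;' is just a name.
    return _resolve(path.split("/"))

def backend_view(path):
    # Assumed backend: drop ';param' from every segment, then normalize.
    return _resolve(seg.split(";", 1)[0] for seg in path.split("/"))

def _under(path, prefix):
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def audit(path, prefix):
    """Compare both views of one request path routed under `prefix`."""
    front, back = frontend_view(path), backend_view(path)
    # Segments that only become '.' or '..' once path parameters are stripped.
    hidden = [s for s in path.split("/")
              if s not in (".", "..") and s.split(";", 1)[0] in (".", "..")]
    return {
        "frontend": front,
        "backend": back,
        "hidden_dot_segments": hidden,
        # Front end believes the request stays under prefix, backend disagrees.
        "escapes_prefix": _under(front, prefix) and not _under(back, prefix),
    }

if __name__ == "__main__":
    # Constructed sample request paths.
    for p in ("/path/..;/manager", "/path/item;v=1/detail", "/path/../other"):
        print(p, audit(p, "/path"))
```

A front-end rule or log query built on `hidden_dot_segments` avoids flagging ordinary path-parameter use such as `item;v=1`, which changes the backend view without hiding a dot segment.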