On 16.11.2011 15:37, Andres Riancho wrote:
> Achim,
>
> On Tue, Nov 15, 2011 at 10:34 AM, Achim Hoffmann <webse...@sic-sec.org> wrote:
>> Hi all,
>>
>> I fully agree with Taras.
>>
>> Question before I dig deeper:
>> does w3af currently identify (correctly) which parts of the URL
>> are the INFO_PATH (actually tartofdefence.com h/bar/123 part, see
>> below)?
>
> What do you mean by INFO_PATH?
>
>> Achim

http://www.ietf.org/rfc/rfc3875

If you have a URL like:

    http://some.where/path/to/script/additional/info

where /path/to/script is the script executed on the server, anything to the right of the script name and to the left of the ? is the PATH_INFO, which would be /additional/info in my example.

The usage of PATH_INFO and PATH_TRANSLATED was traditionally a path (nomen est omen), but the script is free to use it as whatever it likes.

In modern applications we often see it used as parameters passed to the script. This means that parameters are in the PATH_INFO and not the QUERY_STRING (as Taras already explained).

Achim

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
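
The split described in the message above, as an added example (not part of the original message and not w3af code): it separates a URL into the RFC 3875 SCRIPT_NAME, PATH_INFO and QUERY_STRING and lists the PATH_INFO segments a scanner would have to treat as parameters. The function name `split_cgi_path` and the caller-supplied list of script paths are assumptions, since the URL alone does not reveal where the script name ends.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: the URL from the message, with a query string added.
SAMPLE_URL = "http://some.where/path/to/script/additional/info?x=1"


def split_cgi_path(url, script_names):
    """Split url into SCRIPT_NAME, PATH_INFO and QUERY_STRING (RFC 3875).

    script_names: paths assumed to be executed as scripts on the server
    (hypothetical input, e.g. learned from crawling). The longest entry that
    matches on a path-segment boundary is taken as SCRIPT_NAME.
    Returns None when no known script is a prefix of the URL path.
    """
    parts = urlsplit(url)
    path = parts.path
    best = None
    for name in script_names:
        name = name.rstrip("/")
        # Match only on a segment boundary: /script must not match /scripts.
        if path == name or path.startswith(name + "/"):
            if best is None or len(name) > len(best):
                best = name
    if best is None:
        return None
    raw_info = path[len(best):]
    return {
        "SCRIPT_NAME": best,
        # The PATH_INFO meta-variable is not URL-encoded; QUERY_STRING is.
        "PATH_INFO": unquote(raw_info),
        "QUERY_STRING": parts.query,
        # Split before decoding so an encoded slash (%2F) stays inside one
        # segment. Each segment is a candidate parameter value.
        "segments": [unquote(s) for s in raw_info.split("/") if s],
    }


if __name__ == "__main__":
    print(split_cgi_path(SAMPLE_URL, ["/path", "/path/to/script"]))
```
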