[LRUG] Working with bogus URLs

David Salgado david at digitalronin.com
Sat Oct 8 10:15:47 PDT 2011


Hi Sean

> Sorry if I'm stating the obvious but have you tried escaping the
> troublesome path components?

Sorry, I should have mentioned that yes, I have tried various
combinations of CGI.escape and URI.escape/encode

Whenever I get to something that URI.parse will accept, I just get a
404 error from the Icinga server!

> P.S. What were they smoking when they devised that scheme? I'd like some.

I have a feeling they're just doing a straight paste of whatever
parameters are on the URL into an SQL query ... which isn't dangerous
at all, of course.

D



More information about the Chat mailing list