PassMark Logo
Home » Forum

Announcement

Collapse
No announcement yet.

Wildcards as Extension

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wildcards as Extension

    Is it possible to scan a file with this name?

    details.mspx@id=w1x00xD5&vw=police&1=PWxZjL1c_252f 5McSyEzciA_252fFRQ_252f5kDSgWZywNg02QOHoPk_253d&in put=admin


    I know what you are thinking. Either thats not an extension or .mspx should work or even why don't I rename the file and drop the @.


    I have thought of all those. And tried many different things.

    I would rename them. But It just takes some time to do 1,000,000 of them.

    Regards
    PHP Code:
    echo thank you 

  • #2
    I believe that isn't a valid URL. Unless there's an obscure rule in the specifications I'm not aware of.

    The "@" sign is reserved in the URL to indicate login and password details. For example: http://bob:mysecretpassword@www.website.com/

    This would login to www.website.com with a username of "bob" and a password of "mysecretpassword".

    In your context, you are passing parameters via what is known as "HTTP GET". The standards expect you to use a "?" after the filename, to indicate the start of the GET parameters. In other words, it should be:
    details.mspx?id=w1x00xD5&vw=police&1=PWxZjL1c_252f 5McSyEzciA_252fFRQ_252f5kDSgWZywNg02QOHoPk_253d&in put=admin

    So unless there's some rule that changes this, we would have to stand by the standard specs as we know it.

    It should also be worth pointing out that given the fact that its normally used for logins, you may find that those URLs may trigger phishing prevention mechanisms. For example, an email client may look at that URL, determine that it is a login attempt because it contains an "@" character, and warn the user (or prevent the user completely) from clicking on the link because it submits login details.

    Here's a webpage that gives more details about this problem:
    http://www.halfbakery.com/idea/_40-sign_20URL_20warning
    --Ray
    Wrensoft Web Software
    Sydney, Australia
    Zoom Search Engine

    Comment


    • #3
      yES it would Not meet URL standards.

      But it is obviously a URL possibility.

      Hopefully it will be implemented in the future.



      I really should not matter the path zoom takes.
      As much as the needs of customers and having something more then a "Standard" feature. Who cares about ANSI when indexing. It should be more
      about getting the customer where he needs to be. ANSI or any other standards agency. Are not the law. But more of a guide to follow when
      you want to conform. Zoom take a structure and indexes the path and contents as you know.
      even if my URL was offline /@@/@@33/@@/3/2@@@//@@@
      I would hope someone would have software to index the content.

      ? is invalid in windows OS as a part of a file name.

      @ returns a valid path in Windows and in your browser addressbar,


      That would be like a person the repairs shoes telling you "Sorry, you where 1 size 10 and a size 12 on the other foot" "I really cant fix your shoes".

      Make the path. Don't follow it.


      Thank you

      Comment


      • #4
        I think you might have missed the fact I pointed out regarding it being also used to identify phishing attempts. So it is not just a matter of blindly following a standard, it is simply impractical. You will find various browsers and security programs will be blocking your URL.

        There's a difference between following a standard for no practical reason; and following a standard because it avoids actual, real problems.

        Originally posted by selvol View Post
        ? is invalid in windows OS as a part of a file name.
        I don't see how this would be relevant. The URL we are talking about is a filename with HTTP GET parameters at the end (that is, "details.mspx" with the parameters of "id=w31244", etc. concatenated by either a "?" or an "@" sign).

        There is no need for a "?" to be part of the filename.

        If "?" or the "@" sign was part of the filename, then ".mspx" would not be the file extension identified by Windows either.
        --Ray
        Wrensoft Web Software
        Sydney, Australia
        Zoom Search Engine

        Comment

        Working...
        X