Who Is Your Parser And What Does He Do: URL Parsing Gone Wrong


Description:

Understanding URLs is hard; parsing them is even harder. When we compared different URL parsers, we found that the results varied from one parser to another. That sparked our curiosity and led us to compare URL parsers across different platforms and programming languages. In our presentation, we will discuss numerous exploitation techniques that use URL parsing inconsistencies, as well as some vulnerabilities we've discovered in popular open-source projects used by many applications.

Speaker:

Noam Moshe

Security Researcher
