URL - Uniform Resource Locator - formally
URLs are a subset of URIs - formally
URI -
Nowadays they are basically the same thing. There's an RFC explaining the differences, but...
In an HTTP context, URL is the more common term. That's it.
http://user:pass@example.com:8042/dir/file.php?param=value#anchor
In HTTP requests, URLs can be absolute or relative:
/dir/test.php?param=value
http://example.com:8042/dir/file.php?param=value#anchor
Possible vulnerability
Some HTTP servers whitelist the Host header but forget that the request line might itself contain the host address (an absolute URL).
The host address in the URL takes precedence over the Host header.
In such a case the server checks whether Host is valid, yet later uses the host address from the request. Think about that:
GET /../../../../../../../../../etc/passwd HTTP/1.1
Host: target.com
(Apache/MS servers prevent that, but it's quite possible in the IoT world.)
Using user:pass@ directly in an HTTP request is not valid and will usually result in 400 Bad Request - some servers allow such requests, though
#anchor and what comes after it isn't sent to the server
URLs are often normalised by the browser - e.g. folder/../ defaults to /
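
The host check described under "Possible vulnerability", as an added example (not code from the original page): a validation sketch that first works out which host the server will actually act on, and only then compares it with the allowlist. The function names, the allowlist and the requests used to exercise it are constructed for illustration.

```python
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"example.com"}  # constructed allowlist (assumption)


def resolve_target(raw: bytes, allowed=ALLOWED_HOSTS):
    """Return (host, path) the server will act on; ValueError means answer 400."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ")  # ValueError if malformed
    host_headers = [v.strip() for n, _, v in (l.partition(":") for l in header_lines)
                    if n.strip().lower() == "host"]
    if len(host_headers) != 1:
        raise ValueError("exactly one Host header required")
    if target.startswith("/"):
        # Relative URL: the Host header is the only source of the host.
        authority, path = host_headers[0], target
    else:
        # Absolute URL: its host takes precedence over the Host header,
        # so this is the value that has to pass the allowlist.
        url = urlsplit(target)
        if url.scheme not in ("http", "https") or not url.netloc:
            raise ValueError("unsupported request-target")
        authority = url.netloc
        path = (url.path or "/") + ("?" + url.query if url.query else "")
    if "@" in authority:
        raise ValueError("user:pass@ is not valid in a request")
    host = urlsplit("//" + authority).hostname  # drops the port, lowercases
    if host not in allowed:
        raise ValueError(f"host {host!r} not allowed")
    # Browsers normalise folder/../ away, so raw dot-segments are rejected.
    if ".." in unquote(path.split("?", 1)[0]).split("/"):
        raise ValueError("dot-segment in path")
    return host, path


def accepted(raw: bytes) -> bool:
    """True when the request passes every check above."""
    try:
        resolve_target(raw)
        return True
    except ValueError:
        return False
```

A request whose Host header is allowlisted but whose absolute URL names another host is rejected here, because the allowlist is applied to the URL's host rather than to the header.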