I was going through some website and stumbled upon following bug in it, while playing with different combinations for url parameters.
When I append ?&=& to any valid url on this website I get following error: /p is part of url (java.lang.ArrayIndexOutOfBoundsException).
Chrome parses the string as below:
But this exception is not raised when I append ?&& instead of ?&=&. Chrome parses both string into same thing.
- How is "?&=&" actually parsed and how is it different from "?&&"? As chrome parses them into same thing why does it generate an exception only in former case?
- What kind of bug does this website might have?
- Can such bug be used to do some kind of attack on this website?
- I do not own this website so I am just curious to know what might have caused this bug.
- Issue is seen consistently on both chrome and firefox.
- builtwith.com says this website uses ngix server.
- Let me know if this is offtopic here. Didnt find any such info.
I understand what this exception means. I just want to know if these 2 kind of parameter are parsed differently. What are the possible cause of such a bug.