Since you are sending an invalid URI to the server, the server may respond with an HTTP 400 Bad Request status, but it may not. Different servers respond in different ways. For example, the Apache 2.4 server responds with 403 Forbidden. They seem to recognize this as an attempt at SQL injection and immediately suppress it. The nginx server responds with 404 Not Found.
You do not need to create a browser that does not perform URL encoding to verify this. You can send this request from a simple telnet program, which is part of most operating systems (but may not be installed by default). If it is installed, you just need to run telnet www.google.com 80 in a terminal window, enter the following two lines:

    GET /"a" HTTP/1.1
    Host: www.google.com

and press Enter twice. You will receive a 404 Not Found response. If you do the same with stackoverflow.com, the response will be 400 Bad Request.
Paul melekhov
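The same check scripted in Python instead of telnet, as an added example that is not part of the original answer: the request line is written to a raw socket, so no client-side URL encoding takes place. The local `EchoHandler` test server and the `raw_get` and `demo` helpers are hypothetical names made up for this illustration; the server always answers 404 and records the request target it received, so the unencoded and percent-encoded forms can be compared offline.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote

seen_paths = []  # request targets exactly as the test server received them

class EchoHandler(BaseHTTPRequestHandler):
    """Constructed local test server (assumption): records the raw target."""
    def do_GET(self):
        seen_paths.append(self.path)
        body = self.path.encode("latin-1", "replace")
        self.send_response(404)
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Connection", "close")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def raw_get(host, port, target):
    """Send a GET with the target written verbatim; return the status line."""
    request = f"GET {target} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(request.encode("latin-1"))
        data = b""
        while chunk := sock.recv(4096):
            data += chunk
    return data.split(b"\r\n", 1)[0].decode("latin-1")

def demo():
    """Send /"a" unencoded and percent-encoded to a loopback server."""
    seen_paths.clear()
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        unencoded = raw_get("127.0.0.1", port, '/"a"')
        encoded = raw_get("127.0.0.1", port, quote('/"a"'))  # what a browser sends
    finally:
        server.shutdown()
        server.server_close()
    return unencoded, encoded, list(seen_paths)

if __name__ == "__main__":
    print(demo())
```

Python's built-in server accepts the unencoded target and passes it to the handler unchanged, which is one more instance of servers treating this request differently.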