0

I'm dealing with a URL validation function that was made by the developer (instead of using trusted methods).

Here is a slightly modified version of the function:

    public static bool IsValidURL(string url) {
        string parsedurl = url.ToLower().Substring(8, url.IndexOf("/", 8) - 8);
        return url.StartsWith("https") && parsedurl.EndsWith("example.com");
    }

I need this function to return true for a URL string I supply and the URL must also be compatible with C#'s WebClient. My goal is to have it to connect to my own web server, any ideas?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Bill Richard
  • 103
  • 5

1 Answers1

0

I think this will make it pass

https://compromised.server.com?example.com/

As long as example.com/ is at the end of the URL and there are no other slashes, you can add as many query parameters as you want with other data.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Augusto
  • 398
  • 1
  • 11