The URL parsing functions focus on splitting a URL string into its components, or on combining URL components into a URL string.
**Simply** put, `urllib.parse` is used for parsing URLs, and checks built on it can be bypassed by adding blanks before the URL. This happens in Python `3.11.4` and before.
Let's break down `example.py`:
Here is a set of websites that you should not access:
blocked_list = [
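This function checks whether a website is on the blocked list. If it is, it should return `URL Blocked`:
```python
import urllib.parse
def is_url_blocked(url):
    # Re-serialise the parsed URL and compare it with the blocked list entries
    parse = urllib.parse.urlparse(url).geturl()
    if parse in blocked_list: return 'URL Blocked'
    else: return 'Bypassed'
```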
Now I add two URLs and check whether either of them is blocked and cannot be accessed:
```python
payload1 = " http://example.com/"
payload2 = "http://example.com/"
```
`payload1` is where I bypassed `is_url_blocked()`: adding a long space before the URL bypasses `urllib.parse.urlparse(url).geturl()`, so the check does not execute as expected.
That's why the output is `Bypassed`.
But on `payload2` we get `URL Blocked`.
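A hardened form of the check, as an added example that is not part of the original `example.py`: it strips leading and trailing C0 control and space characters before parsing and compares the parsed hostname instead of the whole URL string. The names `BLOCKED_HOSTS`, `is_url_blocked_naive` and `is_url_blocked_hardened`, the sample host, and the fail-closed handling of input without an HTTP(S) scheme are assumptions.

```python
import urllib.parse

# Constructed sample block list, keyed by hostname rather than full URL string.
BLOCKED_HOSTS = {"example.com"}

# Leading/trailing characters that URL consumers discard: C0 controls and space.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def is_url_blocked_naive(url):
    """The page's check, with a constructed one-entry list: exact string match."""
    return urllib.parse.urlparse(url).geturl() in {"http://example.com/"}


def is_url_blocked_hardened(url):
    """Return True when the URL must not be fetched (assumed fail-closed policy)."""
    cleaned = url.strip(_C0_AND_SPACE)
    # Tabs and newlines inside a URL are dropped by URL consumers too.
    for ch in "\t\r\n":
        cleaned = cleaned.replace(ch, "")
    try:
        parts = urllib.parse.urlsplit(cleaned)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:
        return True  # unparseable input is denied, not waved through
    if parts.scheme not in ("http", "https") or not host:
        return True  # no recognisable scheme or host: deny
    return host in BLOCKED_HOSTS


if __name__ == "__main__":
    # Constructed inputs: the page's two payloads plus whitespace/case variants.
    samples = [" http://example.com/", "http://example.com/",
               "\t\nhttp://example.com/", "  HTTP://EXAMPLE.COM./x",
               "http://example.org/"]
    for s in samples:
        # The naive result for padded inputs depends on the Python version.
        print(repr(s), is_url_blocked_naive(s), is_url_blocked_hardened(s))
```

The hardened result is the same on patched and unpatched interpreters, because the decision no longer depends on how `urlparse` treats the leading blanks.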
If you would like to support me with a donation, I recommend giving it to someone who really needs it. If you do so, consider that I have earned your support.