When different parsers interpret the same input differently, application logic vulnerabilities can occur.
Excellent article:
Orange Tsai gave an excellent presentation on this:
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
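A defensive check for the URL case, as an added example that is not taken from the article or the presentation: the validator's view of a URL is compared with the view of the parser that will actually consume it, and any disagreement is rejected. The `naive_host` helper, the allowlist, and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example.
ALLOWED_HOSTS = {"api.example.com"}


def naive_host(url):
    """Hand-rolled host extraction of the kind often found in validators:
    take the text between '://' and the first '/', then drop any ':port'."""
    rest = url.split("://", 1)[-1]
    authority = rest.split("/", 1)[0]
    return authority.split(":", 1)[0].lower()


def stdlib_host(url):
    """Host as seen by urllib, which follows the RFC 3986 authority layout
    (userinfo '@' host ':' port)."""
    return (urlsplit(url).hostname or "").lower()


def check_url(url):
    """Allow a URL only if both parsers agree on the host and that host
    is allowlisted. Disagreement is treated as a failure, not resolved."""
    seen_by_validator = naive_host(url)
    seen_by_consumer = stdlib_host(url)
    if seen_by_validator != seen_by_consumer:
        return "reject: parsers disagree"
    if seen_by_consumer not in ALLOWED_HOSTS:
        return "reject: not allowlisted"
    return "allow"


if __name__ == "__main__":
    # Constructed sample inputs (reserved example/test domains).
    samples = [
        "https://api.example.com/v1/items",
        "https://api.example.com:443@internal.test/",
        "https://other.example.org/",
    ]
    for u in samples:
        print(f"{check_url(u):28} naive={naive_host(u)!r} "
              f"stdlib={stdlib_host(u)!r} url={u}")
```

The more robust design is to parse once and hand the parsed components, not the original string, to the code that makes the request; the comparison above is useful when the two parsers cannot be unified.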