Definition

A query string is the URL component that assigns values to named parameters. It typically begins with a question mark (?) and continues with key-value pairs. The pairs are separated by ampersands (&), and within each pair an equals sign (=) connects the key and the value.

Consider the following URL:

https://www.privacy.com/page?param1=value1&param2=value2

In this example, ?param1=value1&param2=value2 is the query string.

Query strings transmit data to the server, enabling tailored responses. For instance, a query string can contain search terms, indicate the sorting order of products, or give the current page number within a multi-page inventory.
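The format described above can be parsed by hand in a few lines. The Python sketch below is an added example, not part of the original page; the function names and the second sample URL are constructed for illustration. It goes beyond the simple case by handling repeated keys, a key with no value, and percent-encoded delimiters.

```python
from urllib.parse import unquote_plus


def parse_query_string(url):
    """Return the query string of `url` as an ordered list of (key, value) pairs."""
    # The fragment (#...) is not part of the query string and is not sent to the server.
    without_fragment = url.split("#", 1)[0]
    # Everything after the first "?" is the query string.
    _, found, query = without_fragment.partition("?")
    if not found or not query:
        return []
    pairs = []
    for field in query.split("&"):
        if not field:  # tolerate "a=1&&b=2" and a trailing "&"
            continue
        # Split on the first "=" only: a value may itself contain "=".
        key, _, value = field.partition("=")
        # Decode only after splitting, so an encoded "&" (%26) or "=" (%3D)
        # stays data and is never mistaken for a delimiter.
        pairs.append((unquote_plus(key), unquote_plus(value)))
    return pairs


def group_by_key(pairs):
    """Group values per key, keeping every occurrence in order of appearance."""
    grouped = {}
    for key, value in pairs:
        grouped.setdefault(key, []).append(value)
    return grouped


# The URL from the page, plus a constructed URL exercising the edge cases.
PAGE_URL = "https://www.privacy.com/page?param1=value1&param2=value2"
EDGE_URL = ("https://www.privacy.com/page"
            "?q=a%26b%3Dc&sort=price&sort=name&flag&next=x=y#top")

if __name__ == "__main__":
    print(parse_query_string(PAGE_URL))
    for key, values in group_by_key(parse_query_string(EDGE_URL)).items():
        note = "  <- repeated key" if len(values) > 1 else ""
        print(f"{key!r}: {values!r}{note}")
```

Keeping every occurrence of a repeated key makes it visible when a request carries the same parameter more than once, rather than leaving the choice of which value wins to whichever component reads the URL.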

Query String Vulnerabilities