During an active reconnaissance phase, a penetration tester is examining a web application's URLs. Which component of a URL should be scrutinized to identify possible injection points that could be manipulated for exploitation?
Protocol
Query parameters
Hostname
Path directories