On 26/01/2008, Robert Hajime Lanning <robert.lanning_at_gmail.com> wrote:
> If you are using virtual hosting for the website, then it is an issue with
> the virtual host name matching.
>
> So, with apache:
> servername www.site.com
> serveralias site.com site.com. www.site.com.
>
As it was small business server I assume that it was IIS, I don't know
what the DNS was, I ended up on the site by accident, a double mistype
of the url and the extra dot on the end so the site isn't mine and I
can't test it or talk to the real owner.
I didn't realise that an extra dot on the end was a valid domainname
until this. It is definitely an extra check I'll be making on my
audits from now on.
Robin
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Jan 26 2008
Intro
