|
WebApp Sec
mailing list archives
Re: extra dot on domain name gives different site
From: "Robin Wood" <dninja () gmail com>
Date: Sat, 26 Jan 2008 18:07:33 +0000
On 26/01/2008, Robert Hajime Lanning <robert.lanning () gmail com> wrote:
If you are using virtual hosting for the website, then it is an issue with
the virtual host name matching.
So, with apache:
servername www.site.com
serveralias site.com site.com. www.site.com.
As it was small business server I assume that it was IIS, I don't know
what the DNS was, I ended up on the site by accident, a double mistype
of the url and the extra dot on the end so the site isn't mine and I
can't test it or talk to the real owner.
I didn't realise that an extra dot on the end was a valid domainname
until this. It is definitely an extra check I'll be making on my
audits from now on.
Robin
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be
considered a crucial phase in the development of any web application. What methodology should be followed? What tools
can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
| 
Intro
