WebApp Sec mailing list archives
Re: extra dot on domain name gives different site
From: "Robin Wood" <dninja () gmail com>
Date: Sat, 26 Jan 2008 18:07:33 +0000
On 26/01/2008, Robert Hajime Lanning <robert.lanning () gmail com> wrote:
If you are using virtual hosting for the website, then it is an issue with the virtual host name matching. So, with apache: servername www.site.com serveralias site.com site.com. www.site.com.
As it was small business server I assume that it was IIS, I don't know what the DNS was, I ended up on the site by accident, a double mistype of the url and the extra dot on the end so the site isn't mine and I can't test it or talk to the real owner. I didn't realise that an extra dot on the end was a valid domainname until this. It is definitely an extra check I'll be making on my audits from now on. Robin ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- extra dot on domain name gives different site Robin Wood (Jan 25)
- Re: extra dot on domain name gives different site Eric Marden (Jan 26)
- Re: extra dot on domain name gives different site Robert Hajime Lanning (Jan 26)
- Re: extra dot on domain name gives different site Robin Wood (Jan 26)
- Re: extra dot on domain name gives different site Javier Fernandez-Sanguino (Mar 10)
- Re: extra dot on domain name gives different site Robin Wood (Jan 26)