|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Kevin Spett (kspett_at_spidynamics.com)
Date: Wed Jul 17 2002 - 13:58:31 CDT
This is probably a server configuration thing. In most web browsers,
the hostname in the URL that you enter is used in the "Host:" HTTP header.
The server appears to be handling requests differently depending on what the
value of that "Host:" header is. In this case, requests where the actual
hostname is used in the "Host:" header are processed in such a manner that
the URI portion of the request is not returned to the client in the HTTP
response.
I hope this helps.
Kevin Spett
SPI Dynamics, Inc.
http://www.spidynamics.com/
----- Original Message -----
From: "Olaf Weyer" <bksweyer
gmx.de>
To: <webappsecsecurityfocus.com>
Sent: Wednesday, July 17, 2002 11:38 AM
Subject: Cross site sripting
> Hello,
> i have the following, problem:
> http://ip/
> 500
> http://ip_with_0/
> 500
> http://name/
> all these addresses are the same (nslookup verified), but the results
shown
> in the browser are different.
> Can any body help to find out the reason?
> Olaf
>
> --
> GMX - Die Kommunikationsplattform im Internet.
> http://www.gmx.net
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]