From: Panayiotis A. Thermos (pthermos_at_telcordia.com)
Date: Wed Jul 17 2002 - 14:39:42 CDT


    There might be a load balancer in front of the web server, which in
    actuality is a web farm.

    So when you request a page using the DNS name you might be getting
    a response from a different webserver (e.g. 192.168.1.5) since the load
    balancer routes your request, but when you use the actual IP address
    192.168.1.7 (which is another web server in the web farm) you are getting
    a different response.

    See what responses you get if you enumerate requests sequentially, for
    example http://192.168.1.5, http://192.168.1.6, http://192.168.1.7.

    Or ask the webmaster about the network topology.

    P. Thermos

    "Kevin Spett" <kspettspidynamics.com> on 07/17/2002 02:58:31 PM

    To: "Olaf Weyer" <bksweyergmx.de>, webappsecsecurityfocus.com
    cc: (bcc: Panayiotis A. Thermos/Telcordia)
    Subject: Re: Cross site sripting

        This is probably a server configuration thing. In most web browsers,
    the hostname in the URL that you enter is used in the "Host:" HTTP header.
    The server appears to be handling requests differently depending on what
    the value of that "Host:" header is. In this case, requests where the
    actual hostname is used in the "Host:" header are processed in such a
    manner that the URI portion of the request is not returned to the client
    in the HTTP response.

        I hope this helps.

    Kevin Spett
    SPI Dynamics, Inc.
    http://www.spidynamics.com/
    ----- Original Message -----
    From: "Olaf Weyer" <bksweyergmx.de>
    To: <webappsecsecurityfocus.com>
    Sent: Wednesday, July 17, 2002 11:38 AM
    Subject: Cross site sripting

    > Hello,
    > I have the following problem:
    > http://ip/>alert('x')</script>.jsp -> Popup-Script Errorpage 500
    > http://ip_with_0/>alert('x')</script>.jsp -> Popup-Script Errorpage 500
    > http://name/>alert('x')</script>.jsp -> Error 404:
    > all these addresses are the same (nslookup verified), but the results
    > shown in the browser are different.
    > Can anybody help to find out the reason?
    > Olaf
    >
    > --
    > GMX - The communication platform on the Internet.
    > http://www.gmx.net
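
An added example, not part of any message in this thread: one way to test the "Host:" header explanation is to send the same request to a single address while changing only that header, which also takes load-balancer routing out of the picture because every request reaches the same server. The local demo server, the name `www.example.test` and the marker string are constructed assumptions standing in for the real site.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = "zz-reflect-probe"  # harmless constructed marker, not a script payload

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the server in the thread: the default vhost
    echoes the path in a 500 page, the named vhost returns a static 404."""
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]
        if host == "www.example.test":          # assumed vhost name
            status, body = 404, "Not found"
        else:                                    # default vhost: unescaped echo
            status, body = 500, "Error processing " + self.path
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):                # keep the demo quiet
        pass

def probe(addr, port, host_header):
    """Connect to addr:port, send the chosen Host header, and return
    (status, whether the request path came back in the body)."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    conn.putrequest("GET", "/" + MARKER + ".jsp", skip_host=True)
    conn.putheader("Host", host_header)
    conn.endheaders()
    resp = conn.getresponse()
    body = resp.read().decode("latin-1")
    conn.close()
    return resp.status, MARKER in body

def run_demo():
    """Probe one socket address with two Host values and return both results."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        hosts = ["127.0.0.1", "www.example.test"]
        return {h: probe("127.0.0.1", server.server_port, h) for h in hosts}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for host, (status, reflected) in run_demo().items():
        print(host, status, "path reflected" if reflected else "path not reflected")
```

If the results differ while the destination address stays fixed, the difference comes from virtual-host handling; if they only differ between addresses, the web-farm explanation fits better.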