.com. filter bypass

[RSnake <rsnake () shocking com>]

        I know this is pretty trivial, but I haven't seen anyone write anything
about this.  I'm not sure how useful it really is as an attack vector, but:

"http://www.google.com./"; is a valid url in browsers (with the dot at the end).

        It seems like it might be used to circumvent some pattern matching
filters in use with CGIs.  Something like:

#!/usr/bin/perl
print "Content-Type: text/html\n\n";
$domain_query = $ENV{QUERY_STRING} # $domain_query is "www.google.com."
if ($domain_query !~ m/^www\.google\.com$/){
  #execute something you normally wouldn't allow for www.google.com
} else {
  print "Sorry!\n";
}

        Where the URL in this case actually is google.com when rendered.  I
tested this with IE on XP Pro and lynx on XP Pro cygwin and on FBSD.  As a side
note, nslookup and traceroute both ignored the trailing period, which actually
is okay behavior, but also makes them candidates if this sort of check is
performed before they are run with a system call....  Yup, as I said, pretty
trivial.

-R

The information in this email is confidential and may be legally
privileged.  It is intended solely for the addressee.  Access to
this email by anyone else is unauthorized.  If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is
expressly prohibited and may be unlawful.