by lozenge 1325 days ago
Because if the vulnerability involves an HTTP request, then the Host header needs to have the domain name of the target website.

So you need: IP address and port for the TCP headers, and the domain name to go in the TCP packet content.

One example of a vulnerability would be having phpMyAdmin with a database password hardcoded and no login needed. Without the domain name it would still be impossible to access. (Of course, domain names shouldn't be considered secret so this would be a very insecure setup.)

1 comments

True, they have a DNS resolver, but they also have Chrome. And the Certificate Transparency list. Google Analytics. And so on…
I'd never considered the value all those things have when it comes to finding out what to index. Clever, actually.
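
The Host-header point from lozenge's comment, as an added example that is not part of the thread: a local name-based virtual host server where the same IP and port answer differently depending on the Host header, and where the admin vhost still requires a credential once the name is known. The hostnames, token and function names are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample data: hypothetical names under the reserved .test TLD.
VHOSTS = {"www.example.test": "public site", "db-admin.example.test": "admin panel"}
PROTECTED = {"db-admin.example.test"}  # vhosts that must authenticate
TOKEN = "constructed-sample-token"     # placeholder credential

class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Name-based virtual hosting: route on the Host header, not the IP.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        if host not in VHOSTS:
            self._reply(404, "unknown host")  # default vhost reveals nothing
        elif host in PROTECTED and self.headers.get("Authorization") != f"Bearer {TOKEN}":
            self._reply(401, "authentication required")  # knowing the name is not enough
        else:
            self._reply(200, VHOSTS[host])

    def _reply(self, status, text):
        self.send_response(status)
        self.send_header("Content-Length", str(len(text)))  # bodies are ASCII
        self.end_headers()
        self.wfile.write(text.encode())

    def log_message(self, *args): pass  # silence per-request logging

def fetch(port, host, token=None):
    """TCP connection goes to 127.0.0.1:port; `host` only travels in the Host header."""
    headers = {"Host": host}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers=headers)
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result

def demo():
    with ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port, admin = server.server_address[1], "db-admin.example.test"
        results = {"by_ip": fetch(port, f"127.0.0.1:{port}"),
                   "by_name": fetch(port, "www.example.test"),
                   "admin_no_token": fetch(port, admin),
                   "admin_token": fetch(port, admin, TOKEN)}
        server.shutdown()
    return results
```

Calling `demo()` returns the status and body for each of the four requests, all sent to the same socket address.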