There's a related issue when you use mod_rewrite for normal URL rewriting, especially when you use:

RewriteRule ^(some-pattern) $1/somestuff [L]

instead of:

RewriteRule ^(some-pattern) /$1/somestuff [L]

Here, the leading slash should always be included.

I'm very surprised that no one, other than yourself g1smd, has dived into this thread.

The majority of web sites, and probably almost every SEO'd site out, is potentially vulnerable to have their DB server and/or every other internal resource (such as router) leaving themselves vulnerable to the worst kind of abuse.

That abuse could be a simple re routing of a site's content (via routing tables at the router level), DNS poisoning for whole companies and subnets, customer data theft and a thousand other abuses.

The shame is that it is so simple to check if you are vulnerable and so easy to fix, with a simple addition of one character - a slash !

If you read a good few of the mod_rewrite tutorials published on "SEO websites" you'll soon realise that 99% of the "authors" don't actually understand any of this stuff, and seemingly merely parrot the worst tutorials and the same basic errors over and over again.

Yes, it's a simple flaw and an easy fix. Shame that it will be ignored by the vast majority of sites that need to check things out.