Full Disclosure mailing list archives
Hotmail.com doesn't like russians, returns 500 internal server error.
From: <auto491351 () hushmail com>
Date: Thu, 28 Apr 2005 20:31:50 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My friend blshkv showed me that he get hotmail.com to crash by just visiting the site! I used Paros Proxy to intercept the request and replayed it using telnet, with the same result. The request looks like this: GET http://www.hotmail.com/ HTTP/1.0 User-Agent: Mozilla/4.78 (X11; Linux i686; U) Opera 7.54 [en] Paros/3.2.0 Host: www.hotmail.com Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x- xbitmap, */*;q=0.1 Accept-Language: en;q=1.0,ru;q=0.9 Accept-Charset: windows-1251, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1 Pragma: no-cache Cache-Control: no-cache Proxy-Connection: close and this is the response (been edited due to space): HTTP/1.1 500 Internal Server Error Date: Thu, 28 Apr 2005 09:59:35 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 1.1.4322 Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 3026 Via: 1.1 Application and Content Networking System Software 5.1.13 Proxy-Connection: Close Interesting, isn't it? After futher investigation it seems like hotmail.com has a problem with russian language settings. See below for the diff between an 500 Internal Server Error and 200 OK request: -Accept-Language: en;q=1.0,ru;q=0.9 +Accept-Language: en I guess Hotmail.com's system administrators missed a few hardening steps, their developers forgot to have a default catch statement in their code and the QA people missed both of these issues in the UAT. -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkJxqiwACgkQYDBikGF9JABTnQCgmtAwln+y5/E3Wh+azhYsaufQnvkA oIZ7M+sBtxRPttpkiUjOSa9EGpZy =lrCT -----END PGP SIGNATURE-----
Attachment:
snapshot1.jpg.sig
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Hotmail.com doesn't like russians, returns 500 internal server error. auto491351 (Apr 29)