Full Disclosure mailing list archives
Re: Hotmail.com doesn't like russians, returns 500 internal server error.
From: pretty vacant <optimist () eurocompton net>
Date: Sat, 30 Apr 2005 16:37:09 -0400 (EDT)
Uh, that has nothing to do with catching an exception. It's allowed by the CustomErrors setting in web.config. Hardly worth noting.. in fact, I don't even know why I'm bothering to respond... I suppose it's just to point out that you're an idiot.

On Apr 28, 2005, at 11:31 PM, <auto491351 () hushmail com> <auto491351 () hushmail com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My friend blshkv showed me that he can get hotmail.com to crash by just visiting the site! I used Paros Proxy to intercept the request and replayed it using telnet, with the same result.

The request looks like this:

GET http://www.hotmail.com/ HTTP/1.0
User-Agent: Mozilla/4.78 (X11; Linux i686; U) Opera 7.54 [en] Paros/3.2.0
Host: www.hotmail.com
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en;q=1.0,ru;q=0.9
Accept-Charset: windows-1251, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
Pragma: no-cache
Cache-Control: no-cache
Proxy-Connection: close

and this is the response (been edited due to space):

HTTP/1.1 500 Internal Server Error
Date: Thu, 28 Apr 2005 09:59:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3026
Via: 1.1 Application and Content Networking System Software 5.1.13
Proxy-Connection: Close

Interesting, isn't it? After further investigation it seems like hotmail.com has a problem with Russian language settings. See below for the diff between a 500 Internal Server Error and 200 OK request:

-Accept-Language: en;q=1.0,ru;q=0.9
+Accept-Language: en

I guess Hotmail.com's system administrators missed a few hardening steps, their developers forgot to have a default catch statement in their code and the QA people missed both of these issues in the UAT.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkJxqiwACgkQYDBikGF9JABTnQCgmtAwln+y5/E3Wh+azhYsaufQnvkA
oIZ7M+sBtxRPttpkiUjOSa9EGpZy
=lrCT
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Hotmail.com doesn't like russians, returns 500 internal server error. pretty vacant (Apr 30)
- Re: Hotmail.com doesn't like russians, returns 500 internal server error. Remko Lodder (Apr 30)