
| Subject: | Re: [Full-disclosure] Hotmail.com doesn't like russians, returns 500 internal server error. |
|---|---|
| Date: | Sat, 30 Apr 2005 22:50:42 +0200 |
Uh, that has nothing to do with catching an exception. It's allowed by the CustomErrors setting in web.config.
Hardly worth noting.. in fact, I don't even know why I'm bothering to respond... I suppose it's just to point out that you're an idiot.
(I also replied to pretty vacant, but I wasn't a member of the list yet).
hi,
You seem very nice... But I think that if you would have been smart you wouldn't have said this.
Did you ever consider that someone might have tried to be good and just missed the bat due to lack of knowledge? That is not being an idiot, that might be someone that needs some guidance and then becomes a good or perhaps even a very good person who can help us (the hackers all over the world).
Just stating that someone is stupid included in this reply makes yourself a fool...
On Apr 28, 2005, at 11:31 PM, <auto491351@hushmail.com> <auto491351@hushmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
My friend blshkv showed me that he can get hotmail.com to crash by just visiting the site! I used Paros Proxy to intercept the request and replayed it using telnet, with the same result.
The request looks like this:
    GET http://www.hotmail.com/ HTTP/1.0
    User-Agent: Mozilla/4.78 (X11; Linux i686; U) Opera 7.54 [en] Paros/3.2.0
    Host: www.hotmail.com
    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
    Accept-Language: en;q=1.0,ru;q=0.9
    Accept-Charset: windows-1251, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
    Pragma: no-cache
    Cache-Control: no-cache
    Proxy-Connection: close
and this is the response (edited due to space):
    HTTP/1.1 500 Internal Server Error
    Date: Thu, 28 Apr 2005 09:59:35 GMT
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Content-Length: 3026
    Via: 1.1 Application and Content Networking System Software 5.1.13
    Proxy-Connection: Close
Interesting, isn't it?
After further investigation it seems like hotmail.com has a problem with Russian language settings. See below for the diff between a 500 Internal Server Error and 200 OK request:
-Accept-Language: en;q=1.0,ru;q=0.9 +Accept-Language: en
I guess Hotmail.com's system administrators missed a few hardening steps, their developers forgot to have a default catch statement in their code and the QA people missed both of these issues in the UAT.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkJxqiwACgkQYDBikGF9JABTnQCgmtAwln+y5/E3Wh+azhYsaufQnvkA oIZ7M+sBtxRPttpkiUjOSa9EGpZy =lrCT -----END PGP SIGNATURE-----
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Kind regards,
Remko Lodder ** remko@elvandar.org
Reporter DSINET ** remko@DSINet.org
Founder Tienervaders ** remko@tienervaders.org
FreeBSD Documentation Project ** remko@FreeBSD.org
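Added example, not part of the thread and not Hotmail's code: the thread does not establish why the `ru` entry produced the 500, so this only assumes the failure class the original poster guesses at (an unhandled error while mapping a requested language to a locale). It parses the Accept-Language value from the posted request and falls back to a default instead of raising; `SUPPORTED`, `DEFAULT`, `parse_accept_language` and `negotiate` are hypothetical names, and the supported set is constructed.

```python
import re

SUPPORTED = {"en", "de", "fr"}   # constructed: locales this hypothetical site ships
DEFAULT = "en"                   # constructed: fallback when nothing matches
_TAG = re.compile(r"[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*")

def parse_accept_language(header):
    """Return [(tag, q)] ordered by descending q; malformed items are skipped."""
    items = []
    for pos, part in enumerate((header or "").split(",")):
        fields = [f.strip() for f in part.split(";")]
        tag = fields[0].lower()
        if tag != "*" and not _TAG.fullmatch(tag):
            continue                      # not a language tag: ignore, never raise
        q = 1.0                           # q defaults to 1 when absent
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0               # unparsable weight: treat as "not acceptable"
        if 0.0 < q <= 1.0:                # also rejects nan, inf and negatives
            items.append((tag, q, pos))
    items.sort(key=lambda t: (-t[1], t[2]))   # highest q first, header order on ties
    return [(tag, q) for tag, q, _ in items]

def negotiate(header, supported=SUPPORTED, default=DEFAULT):
    """Pick a supported locale for the request; always returns a usable value."""
    for tag, _ in parse_accept_language(header):
        if tag == "*":
            return default
        if tag in supported:
            return tag
        primary = tag.split("-")[0]       # e.g. de-at -> de
        if primary in supported:
            return primary
    return default                        # unsupported languages (e.g. ru) land here

if __name__ == "__main__":
    # The two header values from the post, plus a request that prefers ru.
    for h in ("en;q=1.0,ru;q=0.9", "en", "ru;q=1.0,en;q=0.9", "ru"):
        print(repr(h), "->", negotiate(h))
```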