Date: Fri Apr 29 11:57:58 2005
From: auto491351 at hushmail.com (auto491351@...hmail.com)
Subject: Hotmail.com doesn't like Russians, returns 500 Internal Server Error.

My friend blshkv showed me that he got hotmail.com to crash by just
visiting the site! I used Paros Proxy to intercept the request and
replayed it using telnet, with the same result.

The request looks like this:

    GET http://www.hotmail.com/ HTTP/1.0
    User-Agent: Mozilla/4.78 (X11; Linux i686; U) Opera 7.54 [en] Paros/3.2.0
    Host: www.hotmail.com
    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
    Accept-Language: en;q=1.0,ru;q=0.9
    Accept-Charset: windows-1251, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
    Pragma: no-cache
    Cache-Control: no-cache
    Proxy-Connection: close



and this is the response (edited for space):

    HTTP/1.1 500 Internal Server Error
    Date: Thu, 28 Apr 2005 09:59:35 GMT
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Content-Length: 3026
    Via: 1.1 Application and Content Networking System Software 5.1.13
    Proxy-Connection: Close

Interesting, isn't it?

After further investigation it seems like hotmail.com has a problem
with Russian language settings. See below for the diff between a
500 Internal Server Error and a 200 OK request:

    -Accept-Language: en;q=1.0,ru;q=0.9
    +Accept-Language: en

I guess Hotmail.com's system administrators missed a few hardening
steps, their developers forgot to have a default catch statement in
their code and the QA people missed both of these issues in the
UAT.

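Added example, not code from the original post or from Hotmail: a server-side Accept-Language negotiator in Python showing the kind of "default catch" the post says was missing. It parses q-values per RFC 2616, picks the best locale the application actually supports, and falls back to a default on an unsupported or malformed preference instead of surfacing an error. The SUPPORTED and DEFAULT locales are assumed values; the captured header from the request above is the sample input.

```python
"""Robust Accept-Language negotiation with a safe default (added example)."""
import re

SUPPORTED = ("en", "en-us", "de", "fr")   # hypothetical locales the app ships
DEFAULT = "en"                            # assumed fallback locale

# RFC 2616 qvalue: 0 to 1 with at most three decimals
_QVALUE = re.compile(r"^(?:0(?:\.\d{0,3})?|1(?:\.0{0,3})?)$")
_TAG = re.compile(r"^[a-z]{1,8}(-[a-z0-9]{1,8})*$|^\*$")


def parse_accept_language(header):
    """Return [(tag, q)] sorted by descending q; malformed items are skipped."""
    prefs = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        tag = parts[0].lower()
        if not tag or not _TAG.match(tag):
            continue                      # garbage tag: ignore, don't raise
        q = 1.0                           # q defaults to 1 when absent
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                value = value.strip()
                if not _QVALUE.match(value):
                    q = None              # malformed q-value: drop this entry
                    break
                q = float(value)
        if q is None or q == 0.0:         # q=0 means "not acceptable"
            continue
        prefs.append((tag, q))
    prefs.sort(key=lambda p: -p[1])       # stable sort keeps header order on ties
    return prefs


def negotiate(header, supported=SUPPORTED, default=DEFAULT):
    """Pick the first supported locale by client preference, else the default."""
    try:
        prefs = parse_accept_language(header or "")
    except Exception:                     # header parsing must never become a 500
        return default
    for tag, _ in prefs:
        if tag == "*":
            return default
        if tag in supported:
            return tag
        base = tag.split("-")[0]          # 'fr-ca' falls back to 'fr'
        if base in supported:
            return base
    return default                        # e.g. 'ru' alone: unsupported, use default
```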