Re: [Full-disclosure] Hotmail.com doesn't like russians, returns 500 internal server error.

From: Georgi Guninski (guninski_at_guninski.com)
Date: 05/01/05

    Date: Sun, 1 May 2005 22:27:20 +0300
    To: auto491351@hushmail.com
    
    

    On Thu, Apr 28, 2005 at 08:31:50PM -0700, auto491351@hushmail.com wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > My friend blshkv showed me that he get hotmail.com to crash by just
    > visiting the site! I used Paros Proxy to intercept the request and
    > replayed it using telnet, with the same result.
    >
    >

    i can reproduce it:

    fuck@bill:~$ cat ./fsckbll.pl
    #!/usr/bin/perl -w

    use IO::Socket;
    my $host=$ARGV[0] || "www.hotmail.com";
    my $port=$ARGV[1] || 80;

    my $sock=IO::Socket::INET->new(Proto => 'tcp',
            PeerAddr => $host,PeerPort =>$port) || die("socket");

    print "Connected to ${host}:${port}\n";
    my $first="GET / HTTP/1.0\r\nAccept-Language: en;q=1.0,ru;q=0.9\r\n\r\n";
    print $sock $first;

    while(<$sock>) {print $_;}

    fuck@bill:~$ ./fsckbll.pl www.hotmail.com 80
    Connected to www.hotmail.com:80
    HTTP/1.1 500 Internal Server Error
    Connection: close
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Content-Length: 3026

    <html>
        <head>
            <title>Runtime Error</title>
            <style>
    ...snip...
                <b> Description: </b>An application error occurred on the server.
    The current custom error settings for this application prevent the details of
    the application error from being viewed remotely (for security reasons). It
    could, however, be viewed by browsers running on the local server machine.

     
    >
    > I guess Hotmail.com's system administrators missed a few hardening
    > steps, their developers forgot to have a default catch statement in
    > their code and the QA people missed both of these issues in the
    > UAT.

    i guess hotmail missed the train.

    -- 
    where do you want bill gates to go today?
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
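
The thread does not say what failed server-side when the request carried `Accept-Language: en;q=1.0,ru;q=0.9`. The following is an added example, not code from the thread or from Hotmail: a content-negotiation routine that treats the header as untrusted input and falls back to a default language instead of raising. The supported-language list and the function names are assumptions.

```python
import re

SUPPORTED = ("en", "de", "fr")  # constructed: languages this hypothetical app ships
DEFAULT = "en"
# Language range: "*" or 1-8 letters followed by optional subtags.
_RANGE = re.compile(r"^(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)$")
# qvalue: 0 to 1 with at most three decimals.
_QVAL = re.compile(r"^(?:0(?:\.\d{0,3})?|1(?:\.0{0,3})?)$")


def parse_accept_language(header):
    """Return [(range, q)] in preference order; malformed items are skipped."""
    prefs = []
    # Cap the length so a hostile header cannot cost unbounded work.
    for position, item in enumerate((header or "")[:1024].split(",")):
        parts = [p.strip() for p in item.split(";")]
        tag, q, ok = parts[0].lower(), 1.0, True
        if not _RANGE.match(tag):
            continue
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                if _QVAL.match(value.strip()):
                    q = float(value.strip())
                else:
                    ok = False  # bad qvalue: drop the item, keep the request
        if ok and q > 0:
            prefs.append((-q, position, tag))
    return [(tag, -neg_q) for neg_q, _, tag in sorted(prefs)]


def negotiate(header, supported=SUPPORTED, default=DEFAULT):
    """Pick a supported language; client input never causes an exception."""
    for tag, _ in parse_accept_language(header):
        if tag == "*":
            return default
        # Try the full range first, then its primary subtag ("fr-ca" -> "fr").
        for candidate in (tag, tag.split("-")[0]):
            if candidate in supported:
                return candidate
    return default  # unsupported or unparseable: serve the default language
```
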
    
