Comments
-
Voxera 11388 2y
Congratulations, finally solving a problem like that feels almost like winning the lottery, and if your boss was impressed it might even be better :)
-
Sometimes finding what's causing an issue that makes no sense is the most fun investigation.
I once had to figure out why just one person was having an issue with logging into the data platform, even after multiple password resets. After a lot of investigation it turns out that our company's website (<company>.com) gives every user who visits (<client>.<company>.com) a cookie that the data platform checks, and it found multiple possible SQL injection statements in it. That was just really bad luck and only ever happened once over the 3 years that I was there.
-
@iSwimInTheC it wasn't really a vulnerability, it was just unlucky. The hash of the cookie given by our parent site just happened to produce characters that were SQL commands. It was caught by a proxy module being set to catch anything that looked as if it could be SQL injection so
-
Voxera 11388 2y
@cmarshall10450 sounds like a bad way to do security, hardening the SQL is better, and works for all types of cases.
Looking for strings that might be SQL is likely to trigger false positives.
And for hashes, they might have some chars that match some SQL command but they usually do not contain spaces so a separate validation that the argument is a valid hash would also be better and catch more errors ;)
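
The contrast discussed in the comments above, as an added example that is not part of the original thread: a substring-based SQL keyword filter rejects a legitimate cookie token, while a strict format check plus a bound query parameter handles both the unlucky token and an injection-shaped value correctly. The cookie format (unpadded base64url SHA-256 digest), the `sessions` table, the filter pattern and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Hypothetical keyword filter like the proxy module in the thread: flags any
# value containing something that "looks like" SQL, matched as a substring.
NAIVE_SQLI = re.compile(r"--|;|'|union|select|drop|insert|delete", re.IGNORECASE)

# Assumption: the cookie is an unpadded base64url SHA-256 digest (43 characters).
TOKEN_FORMAT = re.compile(r"[A-Za-z0-9_-]{43}")


def naive_filter_blocks(value: str) -> bool:
    return NAIVE_SQLI.search(value) is not None


def is_valid_token(value: str) -> bool:
    # Allow-list check: exact alphabet and length, nothing else passes.
    return TOKEN_FORMAT.fullmatch(value) is not None


def lookup_user(conn, token: str):
    # The bound parameter is always treated as data, never as SQL text.
    row = conn.execute(
        "SELECT username FROM sessions WHERE token = ?", (token,)
    ).fetchone()
    return row[0] if row else None


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT)")
    # Constructed token: valid format, but happens to contain "--", "drop", "union".
    unlucky = "q7Zk--DrOp3xUnIoNa9fT2mLw8sVb1cYh5eRj0pKd4g"
    conn.execute("INSERT INTO sessions VALUES (?, ?)", (unlucky, "alice"))
    hostile = "x' OR '1'='1"  # constructed injection-shaped input
    return {
        "filter_blocks_unlucky": naive_filter_blocks(unlucky),
        "format_accepts_unlucky": is_valid_token(unlucky),
        "format_rejects_hostile": not is_valid_token(hostile),
        "unlucky_user": lookup_user(conn, unlucky),
        "hostile_user": lookup_user(conn, hostile),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```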
Finally figured out that 500.30 error.
You won't believe it, but y'all probably will... But I solved my problem by fixing literally one line of code.
This of course pissed me off because this problem persisted for an entire week, even my supervisor could not figure it out.
But I learned so much in failing to find it and making wrong assumptions along the way.
Solving a problem is sometimes just half the battle, the journey along the way counts for something.
My supervisor was super impressed too, so that made me even more happy.
Anyways onto the next problem. 🤪
rant
asp.net
figured it out
happy day