Josh,

Do you see any quit request types along with this? I see quit requests and it makes the web application complain that it doesn't know what kind of request that is.

Kent

On Monday, January 5, 2015 6:28:56 PM UTC-7, Joshua Siler wrote:
> Hi,
>
> We're getting some weird exceptions that look like hack attempts, and I'm hoping someone can help us understand them. It looks like an intentionally malformed URL is somehow causing unexpected behavior.
>
> Here's what we're seeing. These URLs:
>
> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h.before=b,e=
> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h.
> https://gadgetco.hiringthing.com/admin/jobs/k(b.onLoad)&&n(a,'load',h.onLoad),null==h||'none'
>
> Will crash our system, and the trace doesn't include any files from our application (just framework code), trying to load a "Jobs" object that doesn't exist.
>
> https://gadgetco.hiringthing.com/admin/jobs/somerandomstring
> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h
>
> will work correctly, hitting our controller and successfully redirecting the user somewhere, and
>
> https://gadgetco.hiringthing.com/admin/jobs/1
>
> will also work correctly, using Job.find(params[:id]) to load a job (note object is Job not Jobs).
>
> Something different is going on between:
>
> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h. (fails)
> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h (works correctly)
>
> and I don't know what. None of the related routes have any fancy regex or anything unusual. Any insight would be appreciated.
>
> Thanks for your help.
> Josh