

"-1" being used to break site search? - erikwallace

A website I work on has been throwing errors from someone repeatedly entering &quot;-1&quot; into the site search. Is this malicious and what would it accomplish? Thanks in advance I&#x27;ve been unable to find any information Googling.
======
kjs3
A -1 is often used to see if someone isn't sanitizing input correctly, as
under certain circumstances it generates a numerical underflow. I see people
looking for vulnerabilities feeding -1 to the HTML content-length header all
the time. If it's generating errors in your app, perhaps you need to look at
you're handling that field.

------
erikwallace
Thanks you two.

I'll dig into serverfault.com. Since I'm not a network guy Hacker News seemed
like the correct place to ask this question.

~~~
erikwallace
I posted on server fault and nobody seems to think that it's a hacking or
scraping attempt. Thanks again.

------
DanielStraight
Wrong place for this question. Try
[http://serverfault.com/](http://serverfault.com/)

~~~
mschuster91
Don't bite the noobs.

@OP: I believe it's just a script kiddy trying to see if your site search is
vulnerable to any boundary check/conversion issue.

~~~
DanielStraight
... most people just ignore posts like this. I was trying to helpfully
redirect the OP to somewhere they could get a real answer, and you come down
on me for this?

~~~
mschuster91
I'm sorry, I misread your intent as flaming. Just had a couple of idiots in an
IRC channel flaming upon noobs, I overreacted :/

~~~
DanielStraight
No problem. I admit I was being very terse, so I understand how that could be
seen as mean.

