dp_crypto
Error messages from a patched target
For your awareness, I think you may receive these error messages from a target that's been patched for CVE-2017-9248. When dp is less than 44 characters long, you'll get the first error (note the line break before Parameter name); when it's 44 characters or longer, you'll get the second.
$ curl -sk "$TARGET/Telerik.Web.UI.DialogHandler.aspx?dp="$(python3 -c 'print("A" * 43)')
<div>Error Message:Length cannot be less than zero.
Parameter name: length</div>
$ curl -sk "$TARGET/Telerik.Web.UI.DialogHandler.aspx?dp="$(python3 -c 'print("A" * 44)')
<div>Error Message:The hash is not valid!</div>
I've found recent forum posts here and here where users have patched their Telerik assemblies and are seeing The hash is not valid! when attempting to exploit this vulnerability after the patch. Just documenting this here in hopes that it'll help others who run into these messages in the future.
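For anyone confirming a patch rollout, the check described in this post can be scripted. This is an added example, not part of the original post or of the dp_crypto project. The function names and verdict labels are hypothetical; the error strings and the 44-character threshold are taken from the post.

```python
import html
import re

# Error strings and length threshold as reported in the post above.
SHORT_DP_ERROR = "Length cannot be less than zero. Parameter name: length"
HASH_ERROR = "The hash is not valid!"
HASH_CHECK_MIN_LEN = 44

def extract_error(body):
    """Return the text after 'Error Message:' in the <div>, whitespace-collapsed."""
    m = re.search(r"<div>\s*Error Message:(.*?)</div>", body, re.S | re.I)
    if not m:
        return None
    # Collapsing whitespace absorbs the line break before "Parameter name".
    return " ".join(html.unescape(m.group(1)).split())

def classify(dp_len, body):
    """Compare one response with what the post reports for a patched target."""
    err = extract_error(body)
    expected = HASH_ERROR if dp_len >= HASH_CHECK_MIN_LEN else SHORT_DP_ERROR
    if err is None:
        return "no-error-div"
    if err == expected:
        return "matches-patched"
    if err in (SHORT_DP_ERROR, HASH_ERROR):
        return "patched-message-wrong-length"
    return "other-error"

def verify_patch(samples):
    """samples: iterable of (dp_len, body). True only if both length classes
    were observed and every response matches the reported patched behaviour."""
    results = [(n, classify(n, b)) for n, b in samples]
    seen_short = any(n < HASH_CHECK_MIN_LEN for n, _ in results)
    seen_long = any(n >= HASH_CHECK_MIN_LEN for n, _ in results)
    ok = all(r == "matches-patched" for _, r in results)
    return ok and seen_short and seen_long, results

# Constructed samples: bodies copied from the two responses shown in the post.
SAMPLES = [
    (43, "<div>Error Message:Length cannot be less than zero.\nParameter name: length</div>"),
    (44, "<div>Error Message:The hash is not valid!</div>"),
]

if __name__ == "__main__":
    verdict, detail = verify_patch(SAMPLES)
    print("consistent with patched target:", verdict)
    for n, r in detail:
        print(f"  dp length {n}: {r}")
```

Feed it the `dp` length and saved response body from each request against a host you administer; any verdict other than `matches-patched` means the response differs from what the post reports and needs a manual look.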