[victorf]

No, it is because lying about your user-agent is not explicitly trying to make an HTTP server perform an action it is not supposed to perform and is therefore not in the same category as SQL injections. HTTP servers are not supposed to use user-agent as authentication.

[pyre]

It's the equivalent of going to a Chinese restaurant and asking for the "Chinese menu" rather than the "American menu" even if you can't read Chinese.

[rmc]

Heh, I'm reminded of an anecdote of an elderly English relative who was in a chinese restaurant (in England), and was suprised that the English menu was chinese food but written in English, instead of steak, potatoes and veg that used to be on the "english menu" in chinese restauarants decades ago. :P

[nederdirk]

Except for that the Chinese menu wasn't written in Chinese but in English. Moreover it contained an access card to the staff lounge where the customer records were open on the table.

[victorf]

Again completely wrong because trespassing on the staff lounge is nothing like receiving a response from an HTTP server. It is like asking for the Chinese menu and being given a list of customer records.

EDIT: and then noticing what happened you ask if they have a version in Korean.