An HTTP status code tells the client the current status of its request. The codes fall into five major classes, and each class tells the client what the server did with the request.
- 1xx (Data/Information): Request/Input accepted; currently being processed
- 2xx (Success): Request successfully received, understood and accepted
- 3xx (Redirection): Further action needs to be taken to complete the request
- 4xx (Client Error): Request contains incorrect syntax or cannot be processed
- 5xx (Server Error): Server failed to fulfill a valid request
*Source: Wikipedia (https://en.wikipedia.org/wiki/List_of_HTTP_status_codes)
Finding a Page That Returns a Specific HTTP Status Code Using the ‘status_code’ Filter
Utilizing Criminal IP Asset Search’s (https://www.criminalip.io/asset) status_code filter makes it easier to search for pages containing these specific codes. Searching for the most common 404 (page not found) error results in 35,000+ pages that contain this issue.
[Criminal IP Search 101 – How to Find Web Page Specific HTTP Status Code]
Adding another keyword to the search, such as a domain address, or combining it with the as_name filter, yields more specific results.
Finding Security Vulnerabilities Using the ‘status_code’ Filter
The 403 (Forbidden) error denies access to clients regardless of their credentials and can indicate that the server holds sensitive information. HTTP status codes of this kind can be a risk in themselves, which is why recent security policies have been revised to show a general error page instead.
“as_name: salesforce.com, inc. status_code:403”
The 500 Internal Server Error is another HTTP status code, shown when the server fails to complete a request; if the cause of the failure is exposed, this can also be a security vulnerability.
This page also exposes the website’s programming language and server, creating room for potential vulnerabilities that could be used in an attack.
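To check your own servers for the disclosure described above, the following added example (not Criminal IP code) audits 4xx/5xx responses for version-bearing headers and debug details in the body. The function name, header list, patterns and sample responses are assumptions constructed for illustration.

```python
import re

# Five status classes as listed at the top of this page.
STATUS_CLASSES = {1: "Data/Information", 2: "Success", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}

# Header names that commonly reveal the server product or language runtime.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Body patterns typical of default or debug error pages (illustrative, not exhaustive).
BODY_PATTERNS = {
    "stack trace": re.compile(
        r"Traceback \(most recent call last\)|^\s+at [\w.$]+\(.*\)", re.M),
    "file path": re.compile(r"(/var/www|/usr/|[A-Z]:\\)[\w./\\-]+\.\w+"),
    "versioned product": re.compile(
        r"\b(Apache|nginx|PHP|Tomcat|IIS)/\d+(\.\d+)+", re.I),
}

def audit_error_response(status, headers, body):
    """Return a list of findings for one response from a server you operate."""
    findings = []
    if status // 100 not in (4, 5):
        return findings  # only error pages are in scope here
    for name, value in headers.items():
        # A bare product name says little; a version number narrows down the build.
        if name.lower() in DISCLOSING_HEADERS and re.search(r"\d", value):
            findings.append(f"header {name}: {value}")
    for label, pattern in BODY_PATTERNS.items():
        if pattern.search(body):
            findings.append(f"body contains {label}")
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    (500, {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"},
     "Fatal error: Uncaught Exception in /var/www/html/index.php on line 12"),
    (403, {"Server": "nginx"}, "<h1>Something went wrong</h1>"),
    (200, {"Server": "Apache/2.4.41"}, "ok"),
]

if __name__ == "__main__":
    for status, headers, body in SAMPLES:
        result = audit_error_response(status, headers, body)
        print(status, STATUS_CLASSES[status // 100], result or "nothing disclosed")
```

An empty result for a 4xx/5xx response corresponds to the general error page the policies above call for.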
For reference, by using either the accompanying statistics data on the right-hand side of the Asset Search search results page or Elementary Analysis, users can handily search for specific rankings of Product, Service, and AS Name that return certain HTTP status codes.
Source : Criminal IP (https://www.criminalip.io)