Hey all,

While I don't want to debate the approach of taking /nonexistant.ext and redirecting to /validpage.ext?nonexistant.ext via a 30[12] and then returning a response code of 404, the fact is, this is happening. I don't agree with it, but it is happening.

Sadly this is happening on large and small sites. Looking over this list's archives and looking at no404.nasl, I am wondering what the reason is that the no404.nasl script does not follow 301/302 until it comes across a final response (e.g. 200, 404, 500)?

This then leads me to wonder how thorough are other tests. For example, let's take /securityflaw.php: if the site issues a 30[12] to /newsubdir/securityflaw.php, is that followed to see if there is a 404 or a 200 response? I ask so I can try and decide what tests I should force when I come across a service that is issuing a 301/302 for whatever reason before delivering a definitive (200, 404, 500) response.

Thanks for a great tool, people, and I hope my questions above have some straightforward answers that I can use to improve how I make use of Nessus.

Cheers,
Stewart
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
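The behaviour asked about above, resolving a probe to its final status instead of stopping at the 301/302, sketched as an added example; it is not part of the original post and not Nessus or no404.nasl code. The host name, the response table, `fake_fetch` and `resolve_final_status` are constructed for illustration; the paths are the ones used in the post.

```python
from urllib.parse import urljoin, urlsplit

# The post names 301/302; the other redirect codes are assumed to be handled alike.
REDIRECTS = {301, 302, 303, 307, 308}
BASE = "http://scan-target.example"  # constructed host

# Constructed responses: path[?query] -> (status, Location header or None)
SITE = {
    "/nonexistant.ext": (302, "/validpage.ext?nonexistant.ext"),
    "/validpage.ext?nonexistant.ext": (404, None),
    "/securityflaw.php": (301, "/newsubdir/securityflaw.php"),
    "/newsubdir/securityflaw.php": (200, None),
    "/loop-a": (302, "/loop-b"),
    "/loop-b": (302, "/loop-a"),
}

def fake_fetch(url):
    """Stand-in for one HTTP request that does not follow redirects."""
    parts = urlsplit(url)
    key = parts.path + ("?" + parts.query if parts.query else "")
    return SITE.get(key, (404, None))

def resolve_final_status(url, fetch=fake_fetch, max_hops=5):
    """Follow redirects until a non-redirect status; return (status, chain).

    status is None when the chain loops, exceeds max_hops, leaves the
    scanned host, or a redirect carries no Location header.
    """
    chain, seen = [], set()
    origin = urlsplit(url).netloc
    for _ in range(max_hops + 1):
        if url in seen:                      # redirect loop
            return None, chain
        seen.add(url)
        status, location = fetch(url)
        chain.append((status, url))
        if status not in REDIRECTS:          # definitive answer (200, 404, 500, ...)
            return status, chain
        if not location:
            return None, chain
        url = urljoin(url, location)         # Location may be relative
        if urlsplit(url).netloc != origin:   # stay on the host being scanned
            return None, chain
    return None, chain

if __name__ == "__main__":
    for path in ("/nonexistant.ext", "/securityflaw.php", "/loop-a"):
        status, chain = resolve_final_status(BASE + path)
        print(path, "->", status, [s for s, _ in chain])
```

A result of `None` means the probe is inconclusive and should not be counted as either a finding or a clean 404.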
