How to scan pages that always reply with HTTP 200
Created by: pirxthepilot
This is not really an issue, so forgive me if I posted in the wrong section.
I would like to know what is the best approach for web pages that replies with HTTP 200 no matter what you put in after it. Let's say we have a website with this page as the front page:
If I visit any randomly-named URIs after it, e.g.
http://site/frontpage/random http://site/frontpage/cmd.exe
it always shows the front page with HTTP 200. It does not redirect with a 302; it keeps the URI.
As you can see, this is an issue with web app scans as the scanner will incorrectly detect that backdoors/common directories/backup directories/etc are present in the site.
Thanks for the help.