Closed DyonR closed 3 years ago
I don't know how to avoid false positives from pages that return an HTTP 200 but are actually error pages, like this: https://core.telegram.org/aaaaaaaaaaaaaaaa Ideas? However, I don't think I'll implement it, because otherwise I would have to implement too many other common paths.
Good point indeed.
One of the things all /wp-content/uploads (or /wp-content/) pages normally have in common is that the window title always starts with 'Index of'. As an example, you can Google intitle:"index of /wp-content/" as a test. So, if you plan on adding this, you could do a HEAD first, and if that returns 200, check the title of the page.
However, I don't think I'll implement it, because otherwise I would have to implement too many other common paths.
I can agree and understand that 😃 It's up to you 😉! Adding every common path would be a lot of work, for sure.
I am not sure how you think about it, or if you feel like it would fit within the scope of this project, but I think that adding a check for http://example.com/wp-content/uploads/ would be a nice addition. If you do a HEAD request to an open /wp-content/uploads/ URL, it shall normally return status 200; if it's blocked, obviously 403, 404 not found, etc.
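The HEAD-then-title check suggested in this thread, as an added sketch for auditing your own site (not code from this project). The `fetch` hook, `fake_site` and the three sample responses are constructed for illustration.

```python
from html.parser import HTMLParser


class TitleParser(HTMLParser):
    """Collects the text inside <title> (tag names arrive lowercased)."""
    def __init__(self):
        super().__init__()
        self.in_title = False
        self.title = ""

    def handle_starttag(self, tag, attrs):
        self.in_title = self.in_title or tag == "title"

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data


def page_title(html):
    parser = TitleParser()
    parser.feed(html)
    return " ".join(parser.title.split())


def check_listing(fetch, path):
    """fetch(method, path) -> (status, body) is a hypothetical transport hook."""
    status, _ = fetch("HEAD", path)          # cheap probe first
    if status != 200:
        return "closed:%d" % status          # 403, 404, ...: nothing to report
    status, body = fetch("GET", path)        # only now download the page
    if status == 200 and page_title(body).lower().startswith("index of"):
        return "listing"
    return "soft-error"                      # 200 page that is not a directory index


def fake_site(status, body):
    """Constructed stand-in for a server; HEAD returns no body."""
    def fetch(method, path):
        return status, ("" if method == "HEAD" else body)
    return fetch


OPEN = fake_site(200, "<html><head><title>Index of /wp-content/uploads</title></head></html>")
SOFT = fake_site(200, "<html><head><title>Page not found</title></head><body>Oops</body></html>")
BLOCKED = fake_site(403, "<html><head><title>403 Forbidden</title></head></html>")
```

The title test is what separates a real directory index from a catch-all error page that answers 200, which covers the false-positive case raised above for this one path.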