How would he interpret the response codes 302, 401, 404, 500, 502? Are they exploitable?

Dear Criminal IP users, I am performing an API audit across my org, gathering responses from the endpoints by hitting the supported methods. I need your help to understand: how would he interpret the response codes 302, 401, 404, 500, 502? I’ve seen the search guide on HTTP status codes on the Criminal IP blog. Are they exploitable? If yes, what will be the severity?


Thanks for sharing, bro. But my question is, for example: 502 Bad Gateway is a known error, but does it provide an opportunity for the attacker to exploit further?

Hey, those codes can come from multiple things, reasons. For example, 502 can be because your backend server is down… or it might be overloaded when there is too much traffic. So, is it exploitable? It depends. 500 indicates an error. Is it exploitable? Idk, can be, can be not. Because it can be 1000 things. Your question was extremely general.

Well, sometimes regardless of stats severity exists. Any sde via those endpoints?
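Added example, not part of any post in this thread: a small triage pass for the kind of API audit described above, showing that a review note comes from what the response carries (redirect target, missing header, verbose error output) and not from the status code alone. The record layout, the `triage` helper, the pattern list and the sample records are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Markers of verbose error output (illustrative, non-exhaustive list).
LEAK_PATTERNS = {
    "stack trace": re.compile(r"Traceback \(most recent call last\)|^\s+at [\w.$]+\(", re.M),
    "SQL error": re.compile(r"SQLSTATE|syntax error at or near", re.I),
    "server version banner": re.compile(r"\b(nginx|apache|openresty)/\d+(\.\d+)+", re.I),
}

def triage(rec):
    """Return review notes for one audit record (dict: url, status, headers, body)."""
    notes = []
    headers = {k.lower(): v for k, v in rec["headers"].items()}
    status, body = rec["status"], rec.get("body", "")
    if status == 302:
        target = urlsplit(headers.get("location", ""))
        # A relative Location has no netloc and stays on the same host.
        if target.netloc and target.netloc != urlsplit(rec["url"]).netloc:
            notes.append("302 redirects to another host: confirm the target is not caller-controlled")
    if status == 401 and "www-authenticate" not in headers:
        # RFC 9110 requires a WWW-Authenticate challenge on 401 responses.
        notes.append("401 without WWW-Authenticate: non-standard auth handling, review")
    if status >= 500:
        text = body + "\n" + headers.get("server", "")
        for label, pat in LEAK_PATTERNS.items():
            if pat.search(text):
                notes.append(f"{status} response discloses {label}")
    return notes

# Constructed sample records, not real audit output.
SAMPLES = [
    {"url": "https://api.example.test/login", "status": 302,
     "headers": {"Location": "https://sso.example.test/auth"}, "body": ""},
    {"url": "https://api.example.test/v1/users", "status": 401,
     "headers": {"WWW-Authenticate": "Bearer"}, "body": ""},
    {"url": "https://api.example.test/v1/missing", "status": 404, "headers": {}, "body": "Not Found"},
    {"url": "https://api.example.test/v1/report", "status": 500, "headers": {},
     "body": "Traceback (most recent call last):\n  File \"app.py\", line 12"},
    {"url": "https://api.example.test/v1/export", "status": 502,
     "headers": {"Server": "nginx/1.18.0"}, "body": "<h1>502 Bad Gateway</h1>"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["status"], rec["url"], triage(rec) or ["no finding from this response alone"])
```

An empty result means only that this one response gave no reason for follow-up; severity still has to be judged per endpoint.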