Diffstat (limited to 'fluent-bit/lib/monkey/qa/path_traversal03.htt')
-rw-r--r-- | fluent-bit/lib/monkey/qa/path_traversal03.htt | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/fluent-bit/lib/monkey/qa/path_traversal03.htt b/fluent-bit/lib/monkey/qa/path_traversal03.htt
new file mode 100644
index 000000000..37e165330
--- /dev/null
+++ b/fluent-bit/lib/monkey/qa/path_traversal03.htt
@@ -0,0 +1,27 @@
+################################################################################
+# DESCRIPTION
+# Test against directory traversal (client must not be allowed to "get out" of
+# DocumentRoot.
+#
+# AUTHOR
+# Carlos Ghan <charlie.brown.uy@gmail.com>
+#
+# DATE
+# March 08 2010
+#
+# COMMENTS
+# Mixing dots and %2e
+################################################################################
+
+
+INCLUDE __CONFIG
+
+CLIENT
+_REQ $HOST $PORT
+__GET /%2e%2e/../%2e./.%2e/../%2e%2e/../../%2e./.%2e/etc/motd $HTTPVER
+__Host: $HOST
+__Connection: close
+__
+_EXPECT . "HTTP/1.1 403 Forbidden"
+_WAIT
+END |
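Review bot: The assertion `_EXPECT . "HTTP/1.1 403 Forbidden"` hard-codes the protocol version while the request line is built from `$HTTPVER`, so if `__CONFIG` (not visible here) ever sets a different version the test would presumably fail for a reason unrelated to traversal handling. Matching on the status alone, `_EXPECT . "403 Forbidden"`, keeps the check on the security property being tested. The test also proves only the status line; an additional expectation that the response carries no content from outside DocumentRoot would catch a regression where the file is served under an unexpected status. In the header comment the parenthesis opened before "client must not be allowed" is never closed, and COMMENTS could state the expected outcome, e.g. `# Mixing dots and %2e; server must answer 403 however the dot segments are encoded`.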