################################################################################
# DESCRIPTION
#     Test against directory traversal (a client must not be allowed to
#     "get out" of DocumentRoot).
#
#     The request path starts with ten segments that each decode to "..",
#     written as a mix of literal dots and the percent-encoded form %2e,
#     followed by /etc/motd. The test passes only if the server answers
#     with "403 Forbidden".
#
# AUTHOR
#     Carlos Ghan
#
# DATE
#     March 08 2010
#
# COMMENTS
#     Mixing dots and %2e
#
#     NOTE(review): only the status line is asserted. A server that rejects
#     the request with a different status (for example 400 or 404) is also
#     not serving the file, but would fail this test as written -- confirm
#     that 403 is the intended contract.
#     NOTE(review): the expected status line hard-codes "HTTP/1.1" while the
#     request uses $HTTPVER -- confirm the two agree in the included config.
################################################################################

# $HOST, $PORT and $HTTPVER are not defined in this file; presumably they
# come from the included configuration -- verify against __CONFIG.
INCLUDE __CONFIG

CLIENT
# Send the traversal attempt. "%2e" is the percent-encoding of ".", so every
# leading segment is "..", whichever spelling it uses. The server has to
# normalise the decoded path before mapping it onto DocumentRoot.
_REQ $HOST $PORT
__GET /%2e%2e/../%2e./.%2e/../%2e%2e/../../%2e./.%2e/etc/motd $HTTPVER
__Host: $HOST
__Connection: close
__
# The response must carry a 403 status line; anything else fails the test.
_EXPECT . "HTTP/1.1 403 Forbidden"
_WAIT
END