################################################################################
# DESCRIPTION
# Test against directory traversal (client must not be allowed to "get out" of
# DocumentRoot).
#
# AUTHOR
# Carlos Ghan <charlie.brown.uy@gmail.com>
#
# DATE
# March 08 2010
#
# COMMENTS
# Mixing dots and %2e
################################################################################
# Shared test configuration; presumably defines $HOST, $PORT and $HTTPVER used
# below (not visible in this file -- confirm in __CONFIG).
INCLUDE __CONFIG
# Single client: send one GET whose path starts with ten parent-directory
# segments, each spelled ".." with a different mix of literal dots and the
# percent-encoded dot (%2e): "%2e%2e", "..", "%2e." and ".%2e". Once decoded,
# the path climbs above DocumentRoot and names /etc/motd, so the server must
# normalise the decoded path before its DocumentRoot check, not the raw one.
# The test passes only if the response matches "HTTP/1.1 403 Forbidden".
# NOTE(review): the status line is pinned to HTTP/1.1 while the request uses
# $HTTPVER, and a server that refuses the request with another status (e.g.
# 400 or 404) fails this test even though nothing is disclosed -- confirm that
# 403 is the intended contract.
# NOTE(review): only single-level %2e encoding is exercised here; other
# encodings are presumably covered by sibling test files -- verify.
CLIENT
_REQ $HOST $PORT
__GET /%2e%2e/../%2e./.%2e/../%2e%2e/../../%2e./.%2e/etc/motd $HTTPVER
__Host: $HOST
__Connection: close
__
_EXPECT . "HTTP/1.1 403 Forbidden"
_WAIT
END