src/fluent-bit/lib/monkey/qa/path_traversal03.htt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

################################################################################
# DESCRIPTION
#	Test against directory traversal (client must not be allowed to "get out" of
#	DocumentRoot.
#
# AUTHOR
#	Carlos Ghan	<charlie.brown.uy@gmail.com>
#
# DATE
#	March 08 2010
#
# COMMENTS
#	Mixing dots and %2e
################################################################################


INCLUDE __CONFIG

CLIENT
_REQ $HOST $PORT
__GET /%2e%2e/../%2e./.%2e/../%2e%2e/../../%2e./.%2e/etc/motd $HTTPVER
__Host: $HOST
__Connection: close
__
_EXPECT . "HTTP/1.1 403 Forbidden"
_WAIT
END