5c5e1a1cd2
... and make 1216 also verify it with a file input These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie domain tailmatch" vulnerability. See http://curl.haxx.se/docs/adv_20130412.html
64 lines
1.1 KiB
Plaintext
64 lines
1.1 KiB
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTP
|
|
HTTP GET
|
|
HTTP proxy
|
|
cookies
|
|
</keywords>
|
|
</info>
|
|
|
|
# Server-side
|
|
<reply>
|
|
<data>
|
|
HTTP/1.1 200 OK
|
|
Server: Microsoft-IIS/4.0
|
|
Date: Tue, 25 Sep 2001 19:37:44 GMT
|
|
Content-Type: text/html
|
|
Connection: close
|
|
Content-Length: 21
|
|
|
|
This server says moo
|
|
</data>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
</server>
|
|
<name>
|
|
HTTP cookie domains tailmatching the host name
|
|
</name>
|
|
<command>
|
|
http://example.fake/c/1216 http://bexample.fake/c/1216 -b log/injar1216 -x %HOSTIP:%HTTPPORT
|
|
</command>
|
|
<file name="log/injar1216">
|
|
example.fake FALSE /a FALSE 2139150993 mooo indeed
|
|
example.fake FALSE /b FALSE 0 moo1 indeed
|
|
example.fake FALSE /c FALSE 2139150993 moo2 indeed
|
|
example.fake TRUE /c FALSE 2139150993 moo3 indeed
|
|
</file>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<strip>
|
|
^User-Agent:.*
|
|
</strip>
|
|
<protocol>
|
|
GET http://example.fake/c/1216 HTTP/1.1
|
|
Host: example.fake
|
|
Accept: */*
|
|
Proxy-Connection: Keep-Alive
|
|
Cookie: moo2=indeed; moo3=indeed
|
|
|
|
GET http://bexample.fake/c/1216 HTTP/1.1
|
|
Host: bexample.fake
|
|
Accept: */*
|
|
Proxy-Connection: Keep-Alive
|
|
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|