tests/cts/content-filters/data/test33

   1 <testcase>
   2 <info>
   3 <keywords>
   4 HTTP
   5 HTTP GET
   6 filter ie-exploits
   7 </keywords>
   8 </info>
   9
  10 <reply>
  11 <data>
  12 HTTP/1.1 200 OK\r
  13 Date: Thu, 22 Jul 2010 11:22:33 GMT\r
  14 Connection: close\r
  15 Content-Type: text/html\r
  16 X-Control: swsclose\r
  17 \r
  18 # Here are some strings the ie-exploits filter should filter:
  19
  20 # pcrs command 1:
  21
  22 f("javascript:location.replace('mk:@MSITStore:C:')");
  23
  24 # pcrs command 2:
  25
  26 <a href="http://www.example.org/%hex[%01]hex%@blafasel">
  27 <a href="http://www.example.org/%hex[%02]hex%@blafasel">
  28 <a href="http://www.example.org/%hex[%03]hex%@blafasel">
  29
  30 <a href="http://www.example.org/%00@blafasel">
  31 <a href="http://www.example.org/%01@blafasel">
  32 <a href="http://www.example.org/%02@blafasel">
  33
  34 # pcrs command 3:
  35
  36 <script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script>
  37 <script language="JavaScript">1;''.concat("readme.eml", null, "resizable=no,top=6000,left=6000")</script>
  38 </data>
  39 </reply>
  40
  41 <proxy-reply>
  42 <data>
  43 HTTP/1.1 200 OK\r
  44 Date: Thu, 22 Jul 2010 11:22:33 GMT\r
  45 Connection: close\r
  46 Content-Type: text/html\r
  47 X-Control: swsclose\r
  48 Content-Length: 890\r
  49 \r
  50 # Here are some strings the ie-exploits filter should filter:
  51
  52 # pcrs command 1:
  53
  54 alert("This page looks like it tries to use a vulnerability described here:
  55  http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2");
  56
  57 # pcrs command 2:
  58
  59 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
  60 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
  61 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
  62
  63 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
  64 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
  65 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
  66
  67 # pcrs command 3:
  68
  69 <br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>
  70 <br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>
  71 </data>
  72 </proxy-reply>
  73
  74 <client>
  75 <server>
  76 http
  77 </server>
  78 <name>
  79 +filter{ie-exploits}
  80 </name>
  81 <features>
  82 proxy
  83 </features>
  84 <command>
  85 http://%HOSTIP:%HTTPPORT/ie-exploits/%TESTNUMBER
  86 </command>
  87 </client>
  88
  89 <verify>
  90 <protocol>
  91 GET /ie-exploits/%TESTNUMBER HTTP/1.1\r
  92 Host: %HOSTIP:%HTTPPORT\r
  93 User-Agent: curl/%VERSION\r
  94 Accept: */*\r
  95 Connection: close\r
  96 \r
  97 </protocol>
  98 </verify>
  99 </testcase>