# FILE 50
%timeout 10

%test weblogic information disclosure
########################################
%event 970021
%output 970021
%request
GET /cgi-bin/testserver.cgi HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Proxy-Connection: keep-alive
Response-Status: 500 Internal Server Error
Response-Content: <title>JSP compile error</title>

%endtest

%test Zope information leakage
########################################
%event 970007
%output 970007
%request
GET /cgi-bin/testserver.cgi HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Proxy-Connection: keep-alive
Response-Content: <h2>Site Error</h2>  <p>An error was encountered while publishing this resource.

%endtest

%test CF information leakage
########################################
%event 970008
%output 970008
%request
GET /cgi-bin/testserver.cgi HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Proxy-Connection: keep-alive
Response-Content: The error occurred in script.cfm: line 11  bla bla bla Please try the following: <br> Check the ColdFusion documentation to verify that you are using the correct syntax. bla bla  Stack Trace (click to expand)

%endtest

%test PHP information leakage
########################################
%event 970009
%output 970009
%request
GET /cgi-bin/testserver.cgi HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Proxy-Connection: keep-alive
Response-Content: <b>Warning</b> mysql_fetch_row(): supplied argument ... in /web/jvcjazz/intl_view.php on line 142


%endtest

%test ISA server existence revealed
########################################
%event 970010
%output 970010
%request
GET /cgi-bin/testserver.cgi HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Proxy-Connection: keep-alive
Response-Content: 403 Forbidden - The ISA Server denies the specified Uniform Resource ...bla bla bla... Internet Security and Acceleration Server

%endtest

%test Local file link
########################################
%event 970011
%output 970011
%request
GET /cgi-bin/testserver.cgi HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Proxy-Connection: keep-alive
Response-Content: <a href="c:\\documents\\sensitive.doc">This is my sensitive data, do not touch</a>

%endtest

%test Microsoft office doc properties leakage
########################################
%event 970012
%output 970012
%request
GET /cgi-bin/testserver.cgi HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Proxy-Connection: keep-alive
Response-Content: <o:documentproperties>

%endtest

%test Directory Listing (apache)
########################################
%event 970013
%output 970013
%request
GET /cgi-bin/testserver.cgi HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Proxy-Connection: keep-alive
Response-Content: <html> <head>  <title>Index of /~avi</title> </head> <body><h1>Index of /~avi</h1><table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr><tr><th colspan="5"><hr></th></tr><tr><td valign="top"><img src="/icons/back.gif" alt="[DIR]"></td><td><a href="/~avi/">Parent Directory</a>       </td><td>&nbsp;</td><td align="right">  - </td></tr><tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="03.17/">03.17/</a>                 </td><td align="right">21-Jul-2007 17:20  </td><td align="right">  - </td></tr>

%endtest

%test CF source code leakage
########################################
%event 970016
%output 970016
%request
GET /cgi-bin/testserver.cgi HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Proxy-Connection: keep-alive
Response-Content: <cf

%endtest