%timeout 10

%request
POST / HTTP/1.1
Host: $hostname
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://192.168.3.2/form.html
Content-Type: text/xml
Content-Length: $CONTENT_LENGTH

<xml version="1.0" encoding="UTF-8">
<boom type="$type"><![CDATA[$sig]]></boom>
</xml>


%test Ruby on Rails Vuln - CVE-2013-0156 - 1 
########################################
%output 999010
%var sig=--- !ruby/object:UnsafeObject attribute1: value1
%var sig=--- !ruby/string:Arel::Nodes::SqlLiteral \"' OR '2' < '6';--\"
%var type=yaml
%endtest