Namazu-users-ja(旧)



Re: Namazu 2.0.9 was released.



  菅です。

> では次は 
> cd namazu-2.0.9/tests 
> してから sh -xv namazu-cgi-8
> で何をしているか見て見る

  下に付けます。一番最後の試験(# check "idxname")でうまく引っ掛かっていないようですねぇ。`<S>` を含む行が 0 行のはずのところ、RESULT が 1 になって exit 1 しています。

#! /bin/sh
#
# Test for cross-site scripting vulnerability
#
LOG=`pwd`/test-log
+ pwd 
LOG=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/test-log
echo '  *** starting ' $0 >>$LOG
+ echo   *** starting  namazu-cgi-8 
pwd=`pwd`
+ pwd 
pwd=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests
tmprc="$pwd/../src/.namazurc"
tmprc=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/../src/.namazurc
echo "Index $pwd/idx19" > $tmprc
+ echo Index /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/idx19 

# To make messages English
LANG= ; export LANG
LANG=
+ export LANG 
unset LANGUAGE
+ unset LANGUAGE 
unset LC_ALL
+ unset LC_ALL 
unset LC_MESSAGES
+ unset LC_MESSAGES 

# check "query"
SCRIPT_NAME='namazu.cgi'
SCRIPT_NAME=namazu.cgi
QUERY_STRING='query="<S>strike</S>'
QUERY_STRING=query="<S>strike</S>
export SCRIPT_NAME QUERY_STRING 
+ export SCRIPT_NAME QUERY_STRING 

cd ../src
+ cd ../src 
RESULT=`./namazu.cgi | grep '&quot;&lt;' | wc -l`
+ ./namazu.cgi 
+ grep &quot;&lt; 
+ wc -l 
RESULT=       3
if [ $RESULT -ne 3 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 3 -ne 3 ] 

# check "subquery"
QUERY_STRING='query=foo&subquery="<S>strike</S>'
QUERY_STRING=query=foo&subquery="<S>strike</S>
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi | grep '&quot;&lt;' | wc -l`
+ ./namazu.cgi 
+ grep &quot;&lt; 
+ wc -l 
RESULT=       1
if [ $RESULT -ne 1 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 1 -ne 1 ] 

# check "format"
QUERY_STRING='query=namazu&format="<S>strike</S>'
QUERY_STRING=query=namazu&format="<S>strike</S>
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi | grep '&quot' | wc -l`
+ ./namazu.cgi 
+ grep &quot 
+ wc -l 
RESULT=       1
if [ $RESULT -ne 1 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 1 -ne 1 ] 

# check "result" (for special character)
QUERY_STRING='query=namazu&result=%60ls%60'
QUERY_STRING=query=namazu&result=%60ls%60
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi 2>&1 | grep '\`ls\`' | wc -l`
+ ./namazu.cgi 
+ wc -l 
+ grep `ls` 
RESULT=       1
if [ $RESULT -ne 1 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 1 -ne 1 ] 

# check "sort"
QUERY_STRING='query=namazu&sort="<S>strike</S>'
QUERY_STRING=query=namazu&sort="<S>strike</S>
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi | grep '&quot' | wc -l`
+ wc -l 
+ grep &quot 
+ ./namazu.cgi 
RESULT=       1
if [ $RESULT -ne 1 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 1 -ne 1 ] 

# check "max"
QUERY_STRING='query=namazu&max="<S>strike</S>'
QUERY_STRING=query=namazu&max="<S>strike</S>
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi | grep '<S>' | wc -l`
+ wc -l 
+ grep <S> 
+ ./namazu.cgi 
RESULT=       0
if [ $RESULT -ne 0 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 0 -ne 0 ] 

# check "whence"
QUERY_STRING='query=namazu&whence="<S>strike</S>'
QUERY_STRING=query=namazu&whence="<S>strike</S>
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi | grep '&quot' | wc -l`
+ wc -l 
+ grep &quot 
+ ./namazu.cgi 
RESULT=       1
if [ $RESULT -ne 1 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 1 -ne 1 ] 

# check "lang"
QUERY_STRING='query=namazu&lang="<S>strike</S>'
QUERY_STRING=query=namazu&lang="<S>strike</S>
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi | grep '&quot' | wc -l`
+ wc -l 
+ grep &quot 
+ ./namazu.cgi 
RESULT=       1
if [ $RESULT -ne 1 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 1 -ne 1 ] 

# check "reference"
QUERY_STRING='query=namazu&reference="<S>strike</S>'
QUERY_STRING=query=namazu&reference="<S>strike</S>
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi | grep '&quot' | wc -l`
+ wc -l 
+ grep &quot 
+ ./namazu.cgi 
RESULT=       1
if [ $RESULT -ne 1 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 1 -ne 1 ] 

# check "submit"
QUERY_STRING='query=namazu&submit="<S>strike</S>'
QUERY_STRING=query=namazu&submit="<S>strike</S>
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi | grep '&quot' | wc -l`
+ ./namazu.cgi 
+ grep &quot 
+ wc -l 
RESULT=       1
if [ $RESULT -ne 1 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 1 -ne 1 ] 

# check "idxname"
tmprc="$pwd/../src/.namazurc"
tmprc=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/../src/.namazurc
echo "Index $pwd" > $tmprc
+ echo Index /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests 

QUERY_STRING='query=namazu&idxname=idx1&idxname="<S>strike</S>'
QUERY_STRING=query=namazu&idxname=idx1&idxname="<S>strike</S>
export QUERY_STRING 
+ export QUERY_STRING 

RESULT=`./namazu.cgi 2>&1 | grep '<S>' | wc -l`
+ ./namazu.cgi 
+ grep <S> 
+ wc -l 
RESULT=       1
if [ $RESULT -ne 0 ]
then
	echo $RESULT >> $LOG
	exit 1
fi
+ [ 1 -ne 0 ] 
+ echo 1 
+ exit 1 
-- 

					ADVANTEST corp.
					Taiji.Can@xxxxxxxxxxxxxxxxxxx