Namazu-users-ja(旧)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Namazu 2.0.9 was released.
菅です。
> では次は
> cd namazu-2.0.9/tests
> してから sh -xv namazu-cgi-8
> で何をしているか見て見る
下に付けます。一番最後の試験でうまく引っ掛かっていないようですねぇ。
#! /bin/sh
#
# Test for cross-site scripting vulnerability
#
LOG=`pwd`/test-log
+ pwd
LOG=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/test-log
echo ' *** starting ' $0 >>$LOG
+ echo *** starting namazu-cgi-8
pwd=`pwd`
+ pwd
pwd=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests
tmprc="$pwd/../src/.namazurc"
tmprc=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/../src/.namazurc
echo "Index $pwd/idx19" > $tmprc
+ echo Index /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/idx19
# To make messages English
LANG= ; export LANG
LANG=
+ export LANG
unset LANGUAGE
+ unset LANGUAGE
unset LC_ALL
+ unset LC_ALL
unset LC_MESSAGES
+ unset LC_MESSAGES
# check "query"
SCRIPT_NAME='namazu.cgi'
SCRIPT_NAME=namazu.cgi
QUERY_STRING='query="<S>strike</S>'
QUERY_STRING=query="<S>strike</S>
export SCRIPT_NAME QUERY_STRING
+ export SCRIPT_NAME QUERY_STRING
cd ../src
+ cd ../src
RESULT=`./namazu.cgi | grep '"<' | wc -l`
+ ./namazu.cgi
+ grep "<
+ wc -l
RESULT= 3
if [ $RESULT -ne 3 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 3 -ne 3 ]
# check "subquery"
QUERY_STRING='query=foo&subquery="<S>strike</S>'
QUERY_STRING=query=foo&subquery="<S>strike</S>
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi | grep '"<' | wc -l`
+ ./namazu.cgi
+ grep "<
+ wc -l
RESULT= 1
if [ $RESULT -ne 1 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 1 -ne 1 ]
# check "format"
QUERY_STRING='query=namazu&format="<S>strike</S>'
QUERY_STRING=query=namazu&format="<S>strike</S>
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi | grep '"' | wc -l`
+ ./namazu.cgi
+ grep "
+ wc -l
RESULT= 1
if [ $RESULT -ne 1 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 1 -ne 1 ]
# check "result" (for special character)
QUERY_STRING='query=namazu&result=%60ls%60'
QUERY_STRING=query=namazu&result=%60ls%60
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi 2>&1 | grep '\`ls\`' | wc -l`
+ ./namazu.cgi
+ wc -l
+ grep `ls`
RESULT= 1
if [ $RESULT -ne 1 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 1 -ne 1 ]
# check "sort"
QUERY_STRING='query=namazu&sort="<S>strike</S>'
QUERY_STRING=query=namazu&sort="<S>strike</S>
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi | grep '"' | wc -l`
+ wc -l
+ grep "
+ ./namazu.cgi
RESULT= 1
if [ $RESULT -ne 1 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 1 -ne 1 ]
# check "max"
QUERY_STRING='query=namazu&max="<S>strike</S>'
QUERY_STRING=query=namazu&max="<S>strike</S>
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi | grep '<S>' | wc -l`
+ wc -l
+ grep <S>
+ ./namazu.cgi
RESULT= 0
if [ $RESULT -ne 0 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 0 -ne 0 ]
# check "whence"
QUERY_STRING='query=namazu&whence="<S>strike</S>'
QUERY_STRING=query=namazu&whence="<S>strike</S>
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi | grep '"' | wc -l`
+ wc -l
+ grep "
+ ./namazu.cgi
RESULT= 1
if [ $RESULT -ne 1 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 1 -ne 1 ]
# check "lang"
QUERY_STRING='query=namazu&lang="<S>strike</S>'
QUERY_STRING=query=namazu&lang="<S>strike</S>
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi | grep '"' | wc -l`
+ wc -l
+ grep "
+ ./namazu.cgi
RESULT= 1
if [ $RESULT -ne 1 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 1 -ne 1 ]
# check "reference"
QUERY_STRING='query=namazu&reference="<S>strike</S>'
QUERY_STRING=query=namazu&reference="<S>strike</S>
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi | grep '"' | wc -l`
+ wc -l
+ grep "
+ ./namazu.cgi
RESULT= 1
if [ $RESULT -ne 1 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 1 -ne 1 ]
# check "submit"
QUERY_STRING='query=namazu&submit="<S>strike</S>'
QUERY_STRING=query=namazu&submit="<S>strike</S>
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi | grep '"' | wc -l`
+ ./namazu.cgi
+ grep "
+ wc -l
RESULT= 1
if [ $RESULT -ne 1 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 1 -ne 1 ]
# check "idxname"
tmprc="$pwd/../src/.namazurc"
tmprc=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/../src/.namazurc
echo "Index $pwd" > $tmprc
+ echo Index /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests
QUERY_STRING='query=namazu&idxname=idx1&idxname="<S>strike</S>'
QUERY_STRING=query=namazu&idxname=idx1&idxname="<S>strike</S>
export QUERY_STRING
+ export QUERY_STRING
RESULT=`./namazu.cgi 2>&1 | grep '<S>' | wc -l`
+ ./namazu.cgi
+ grep <S>
+ wc -l
RESULT= 1
if [ $RESULT -ne 0 ]
then
echo $RESULT >> $LOG
exit 1
fi
+ [ 1 -ne 0 ]
+ echo 1
+ exit 1
--
ADVANTEST corp.
Taiji.Can@xxxxxxxxxxxxxxxxxxx