arachni 0.4.4 → 0.4.5

data/spec/support/logs/Instance - 3054-17565.error.log

@@ -0,0 +1,312 @@
+
+2013-09-12 19:43:02 +0300 --------------------------------------------------------------------------------
+ENV:
+---
+!binary "U1NIX0FHRU5UX1BJRA==": !binary |-
+  Mzc3Ng==
+!binary "S0RFX01VTFRJSEVBRA==": !binary |-
+  ZmFsc2U=
+!binary "cnZtX2Jpbl9wYXRo": !binary |-
+  L2hvbWUvemFwb3Rlay8ucnZtL2Jpbg==
+!binary "Tk9LT0dJUklfVVNFX1NZU1RFTV9MSUJSQVJJRVM=": !binary |-
+  dHJ1ZQ==
+!binary "R0VNX0hPTUU=": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vZ2Vtcw==
+!binary "R1BHX0FHRU5UX0lORk8=": !binary |-
+  L3RtcC9ncGctcDloZDRzL1MuZ3BnLWFnZW50OjM3Nzg6MQ==
+!binary "U0hFTEw=": !binary |-
+  L2Jpbi9iYXNo
+!binary "VEVSTQ==": !binary |-
+  eHRlcm0=
+!binary "WERHX1NFU1NJT05fQ09PS0lF": !binary |-
+  ZmNmYzVlNDQxYzcxZjM3YzgzODdjOGI1MDAwMDAwMDMtMTM3NTM5MjM5MS4y
+  MjQ2MzEtMjAyNTg2NTc3NA==
+!binary "SVJCUkM=": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vdXNyL2xpYi9y
+  dWJ5Ly5pcmJyYw==
+!binary "R1RLMl9SQ19GSUxFUw==": !binary |-
+  L2V0Yy9ndGstMi4wL2d0a3JjOi9ob21lL3phcG90ZWsvLmd0a3JjLTIuMDov
+  aG9tZS96YXBvdGVrLy5rZGUvc2hhcmUvY29uZmlnL2d0a3JjLTIuMA==
+!binary "S09OU09MRV9EQlVTX1NFUlZJQ0U=": !binary |-
+  OjEuNjI=
+!binary "S09OU09MRV9QUk9GSUxFX05BTUU=": !binary |-
+  U2hlbGw=
+!binary "R1NfTElC": !binary |-
+  L2hvbWUvemFwb3Rlay8uZm9udHM=
+!binary "R1RLX1JDX0ZJTEVT": !binary |-
+  L2V0Yy9ndGsvZ3RrcmM6L2hvbWUvemFwb3Rlay8uZ3RrcmM6L2hvbWUvemFw
+  b3Rlay8ua2RlL3NoYXJlL2NvbmZpZy9ndGtyYw==
+!binary "V0lORE9XSUQ=": !binary |-
+  NzEzMDMxOTM=
+!binary "R05PTUVfS0VZUklOR19DT05UUk9M": !binary |-
+  L3J1bi91c2VyL3phcG90ZWsva2V5cmluZy1mOFlUOG8=
+!binary "TVlfUlVCWV9IT01F": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vdXNyL2xpYi9y
+  dWJ5
+!binary "U0hFTExfU0VTU0lPTl9JRA==": !binary |-
+  NDdjMDkwOTY5ZmYxNDAwMDllNGIxMjBlZGUxYTNlMzU=
+!binary "R1RLX01PRFVMRVM=": !binary |-
+  b3ZlcmxheS1zY3JvbGxiYXI=
+!binary "S0RFX0ZVTExfU0VTU0lPTg==": !binary |-
+  dHJ1ZQ==
+!binary "VVNFUg==": !binary |-
+  emFwb3Rlaw==
+!binary "TERfTElCUkFSWV9QQVRI": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vdXNyL2xpYg==
+!binary "TFNfQ09MT1JT": !binary |-
+  cnM9MDpkaT0wMTszNDpsbj0wMTszNjptaD0wMDpwaT00MDszMzpzbz0wMTsz
+  NTpkbz0wMTszNTpiZD00MDszMzswMTpjZD00MDszMzswMTpvcj00MDszMTsw
+  MTpzdT0zNzs0MTpzZz0zMDs0MzpjYT0zMDs0MTp0dz0zMDs0Mjpvdz0zNDs0
+  MjpzdD0zNzs0NDpleD0wMTszMjoqLnRhcj0wMTszMToqLnRnej0wMTszMToq
+  LmFyaj0wMTszMToqLnRhej0wMTszMToqLmx6aD0wMTszMToqLmx6bWE9MDE7
+  MzE6Ki50bHo9MDE7MzE6Ki50eHo9MDE7MzE6Ki56aXA9MDE7MzE6Ki56PTAx
+  OzMxOiouWj0wMTszMToqLmR6PTAxOzMxOiouZ3o9MDE7MzE6Ki5sej0wMTsz
+  MToqLnh6PTAxOzMxOiouYnoyPTAxOzMxOiouYno9MDE7MzE6Ki50Yno9MDE7
+  MzE6Ki50YnoyPTAxOzMxOioudHo9MDE7MzE6Ki5kZWI9MDE7MzE6Ki5ycG09
+  MDE7MzE6Ki5qYXI9MDE7MzE6Ki53YXI9MDE7MzE6Ki5lYXI9MDE7MzE6Ki5z
+  YXI9MDE7MzE6Ki5yYXI9MDE7MzE6Ki5hY2U9MDE7MzE6Ki56b289MDE7MzE6
+  Ki5jcGlvPTAxOzMxOiouN3o9MDE7MzE6Ki5yej0wMTszMToqLmpwZz0wMTsz
+  NToqLmpwZWc9MDE7MzU6Ki5naWY9MDE7MzU6Ki5ibXA9MDE7MzU6Ki5wYm09
+  MDE7MzU6Ki5wZ209MDE7MzU6Ki5wcG09MDE7MzU6Ki50Z2E9MDE7MzU6Ki54
+  Ym09MDE7MzU6Ki54cG09MDE7MzU6Ki50aWY9MDE7MzU6Ki50aWZmPTAxOzM1
+  OioucG5nPTAxOzM1Oiouc3ZnPTAxOzM1Oiouc3Znej0wMTszNToqLm1uZz0w
+  MTszNToqLnBjeD0wMTszNToqLm1vdj0wMTszNToqLm1wZz0wMTszNToqLm1w
+  ZWc9MDE7MzU6Ki5tMnY9MDE7MzU6Ki5ta3Y9MDE7MzU6Ki53ZWJtPTAxOzM1
+  Oioub2dtPTAxOzM1OioubXA0PTAxOzM1OioubTR2PTAxOzM1OioubXA0dj0w
+  MTszNToqLnZvYj0wMTszNToqLnF0PTAxOzM1OioubnV2PTAxOzM1Oioud212
+  PTAxOzM1OiouYXNmPTAxOzM1Oioucm09MDE7MzU6Ki5ybXZiPTAxOzM1Oiou
+  ZmxjPTAxOzM1OiouYXZpPTAxOzM1OiouZmxpPTAxOzM1OiouZmx2PTAxOzM1
+  OiouZ2w9MDE7MzU6Ki5kbD0wMTszNToqLnhjZj0wMTszNToqLnh3ZD0wMTsz
+  NToqLnl1dj0wMTszNToqLmNnbT0wMTszNToqLmVtZj0wMTszNToqLmF4dj0w
+  MTszNToqLmFueD0wMTszNToqLm9ndj0wMTszNToqLm9neD0wMTszNToqLmFh
+  Yz0wMDszNjoqLmF1PTAwOzM2OiouZmxhYz0wMDszNjoqLm1pZD0wMDszNjoq
+  Lm1pZGk9MDA7MzY6Ki5ta2E9MDA7MzY6Ki5tcDM9MDA7MzY6Ki5tcGM9MDA7
+  MzY6Ki5vZ2c9MDA7MzY6Ki5yYT0wMDszNjoqLndhdj0wMDszNjoqLmF4YT0w
+  MDszNjoqLm9nYT0wMDszNjoqLnNweD0wMDszNjoqLnhzcGY9MDA7MzY6
+!binary "WENVUlNPUl9TSVpF": !binary |-
+  MA==
+!binary "cnZtX3BhdGg=": !binary |-
+  L2hvbWUvemFwb3Rlay8ucnZt
+!binary "U1NIX0FVVEhfU09DSw==": !binary |-
+  L3RtcC9zc2gtdTNZSWNjY1V2Q29TL2FnZW50LjM3MTA=
+!binary "VVNFUk5BTUU=": !binary |-
+  emFwb3Rlaw==
+!binary "U0VTU0lPTl9NQU5BR0VS": !binary |-
+  bG9jYWwvem9uc3RlcjpAL3RtcC8uSUNFLXVuaXgvMzg5Myx1bml4L3pvbnN0
+  ZXI6L3RtcC8uSUNFLXVuaXgvMzg5Mw==
+!binary "REVGQVVMVFNfUEFUSA==": !binary |-
+  L3Vzci9zaGFyZS9nY29uZi9rZGUtcGxhc21hLmRlZmF1bHQucGF0aA==
+!binary "WERHX0NPTkZJR19ESVJT": !binary |-
+  L2V0Yy94ZGcveGRnLWtkZS1wbGFzbWE6L2V0Yy94ZGc=
+!binary "cnZtX3ByZWZpeA==": !binary |-
+  L2hvbWUvemFwb3Rlaw==
+!binary "REVTS1RPUF9TRVNTSU9O": !binary |-
+  a2RlLXBsYXNtYQ==
+!binary "UEFUSA==": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vZ2Vtcy9iaW46
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vLi4vYmluOi9o
+  b21lL3phcG90ZWsvYnVpbGRzL2FyYWNobmkvc3lzdGVtL3Vzci9iaW46L3Vz
+  ci9saWIveDg2XzY0LWxpbnV4LWdudS9xdDQvYmluOi91c3IvbG9jYWwvc2Jp
+  bjovdXNyL2xvY2FsL2JpbjovdXNyL3NiaW46L3Vzci9iaW46L3NiaW46L2Jp
+  bjovdXNyL2dhbWVzOi91c3IvbG9jYWwvZ2FtZXM=
+!binary "UFdE": !binary |-
+  L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaQ==
+!binary "S09OU09MRV9EQlVTX1dJTkRPVw==": !binary |-
+  L1dpbmRvd3MvMQ==
+!binary "S0RFX1NFU1NJT05fVUlE": !binary |-
+  MTAwMA==
+!binary "TEFORw==": !binary |-
+  ZW5fVVMuVVRGLTg=
+!binary "R05PTUVfS0VZUklOR19QSUQ=": !binary |-
+  MzY5Mg==
+!binary "TUFOREFUT1JZX1BBVEg=": !binary |-
+  L3Vzci9zaGFyZS9nY29uZi9rZGUtcGxhc21hLm1hbmRhdG9yeS5wYXRo
+!binary "R0RNX0xBTkc=": !binary |-
+  ZW5fVVM=
+!binary "VUJVTlRVX01FTlVQUk9YWQ==": !binary |-
+  bGliYXBwbWVudS5zbw==
+!binary "S09OU09MRV9EQlVTX1NFU1NJT04=": !binary |-
+  L1Nlc3Npb25zLzIx
+!binary "R0RNU0VTU0lPTg==": !binary |-
+  a2RlLXBsYXNtYQ==
+!binary "cnZtX3ZlcnNpb24=": !binary |-
+  MS4yMS44IChzdGFibGUp
+!binary "U0hMVkw=": !binary |-
+  MQ==
+!binary "SE9NRQ==": !binary |-
+  L2hvbWUvemFwb3Rlaw==
+!binary "Q09MT1JGR0JH": !binary |-
+  MTU7MA==
+!binary "S0RFX1NFU1NJT05fVkVSU0lPTg==": !binary |-
+  NA==
+!binary "TEFOR1VBR0U=": !binary |-
+  ZW5fVVM6ZW4=
+!binary "WENVUlNPUl9USEVNRQ==": !binary |-
+  b3h5LXdoaXRl
+!binary "RFlMRF9MSUJSQVJZX1BBVEg=": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vdXNyL2xpYjo=
+!binary "TE9HTkFNRQ==": !binary |-
+  emFwb3Rlaw==
+!binary "R0VNX1BBVEg=": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vZ2Vtcw==
+!binary "WERHX0RBVEFfRElSUw==": !binary |-
+  L3Vzci9zaGFyZTovdXNyL3NoYXJlL2tkZS1wbGFzbWE6L3Vzci9sb2NhbC9z
+  aGFyZS86L3Vzci9zaGFyZS8=
+!binary "REJVU19TRVNTSU9OX0JVU19BRERSRVNT": !binary |-
+  dW5peDphYnN0cmFjdD0vdG1wL2RidXMtS2VkQWNjbTVjUyxndWlkPTJkZDcx
+  ZWVhM2NkNjAwNGZlOGFlOWQ2NzUxZmFkMjg3
+!binary "TEVTU09QRU4=": !binary |-
+  fCAvdXNyL2Jpbi9sZXNzcGlwZSAlcw==
+!binary "VEVYVERPTUFJTg==": !binary |-
+  aW0tY29uZmln
+!binary "V0lORE9XUEFUSA==": !binary |-
+  Nw==
+!binary "UFJPRklMRUhPTUU=": !binary ""
+!binary "WERHX1JVTlRJTUVfRElS": !binary |-
+  L3J1bi91c2VyL3phcG90ZWs=
+!binary "RElTUExBWQ==": !binary |-
+  OjE=
+!binary "UVRfUExVR0lOX1BBVEg=": !binary |-
+  L2hvbWUvemFwb3Rlay8ua2RlL2xpYi9rZGU0L3BsdWdpbnMvOi91c3IvbGli
+  L2tkZTQvcGx1Z2lucy8=
+!binary "WERHX0NVUlJFTlRfREVTS1RPUA==": !binary |-
+  S0RF
+!binary "UlVCWUxJQg==": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vdXNyL2xpYi9y
+  dWJ5Oi9ob21lL3phcG90ZWsvYnVpbGRzL2FyYWNobmkvc3lzdGVtL3Vzci9s
+  aWIvcnVieS9zaXRlX3J1YnkvMS45LjE6L2hvbWUvemFwb3Rlay9idWlsZHMv
+  YXJhY2huaS9zeXN0ZW0vdXNyL2xpYi9ydWJ5LzEuOS4xOi9ob21lL3phcG90
+  ZWsvYnVpbGRzL2FyYWNobmkvc3lzdGVtL3Vzci9saWIvcnVieS8xLjkuMS94
+  ODZfNjQtbGludXg6L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0
+  ZW0vdXNyL2xpYi9ydWJ5L3NpdGVfcnVieS8xLjkuMS94ODZfNjQtbGludXg=
+!binary "UlVCWV9WRVJTSU9O": !binary |-
+  cnVieS0xLjkuMy1wNDQ4
+!binary "TEVTU0NMT1NF": !binary |-
+  L3Vzci9iaW4vbGVzc3BpcGUgJXMgJXM=
+!binary "VEVYVERPTUFJTkRJUg==": !binary |-
+  L3Vzci9zaGFyZS9sb2NhbGUv
+!binary "WEFVVEhPUklUWQ==": !binary |-
+  L3RtcC9rZGUtemFwb3Rlay94YXV0aC0xMDAwLV8x
+!binary "Xw==": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vdXNyL2Jpbi9y
+  YWtl
+!binary "X09SSUdJTkFMX0dFTV9QQVRI": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vZ2Vtcw==
+!binary "QlVORExFX0JJTl9QQVRI": !binary |-
+  L2hvbWUvemFwb3Rlay9idWlsZHMvYXJhY2huaS9zeXN0ZW0vZ2Vtcy9nZW1z
+  L2J1bmRsZXItMS4zLjUvYmluL2J1bmRsZQ==
+!binary "QlVORExFX0dFTUZJTEU=": !binary |-
+  L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9HZW1maWxl
+!binary "UlVCWU9QVA==": !binary |-
+  LUkvaG9tZS96YXBvdGVrL2J1aWxkcy9hcmFjaG5pL3N5c3RlbS9nZW1zL2dl
+  bXMvYnVuZGxlci0xLjMuNS9saWIgLXJidW5kbGVyL3NldHVw
+--------------------------------------------------------------------------------
+OPTIONS:
+--- !ruby/object:Arachni::Options
+dir:
+  root: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS8=
+  gfx: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9nZngv
+  conf: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9jb25mLw==
+  logs: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9zcGVjL3N1cHBvcnQv
+    bG9ncy8=
+  data: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9kYXRhLw==
+  modules: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9zcGVjL3N1cHBvcnQv
+    Zml4dHVyZXMvbW9kdWxlcy8=
+  reports: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9yZXBvcnRzLw==
+  plugins: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9zcGVjL3N1cHBvcnQv
+    Zml4dHVyZXMvcGx1Z2lucy8=
+  rpcd_handlers: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9ycGNkX2hhbmRsZXJz
+    Lw==
+  path_extractors: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9wYXRoX2V4dHJhY3Rv
+    cnMv
+  fingerprinters: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9zcGVjL3N1cHBvcnQv
+    Zml4dHVyZXMvZmluZ2VycHJpbnRlcnMv
+  lib: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9saWIvYXJhY2huaS8=
+  support: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9saWIvYXJhY2huaS9z
+    dXBwb3J0Lw==
+  mixins: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9saWIvYXJhY2huaS9t
+    aXhpbnMv
+  arachni: !binary |-
+    L2hvbWUvemFwb3Rlay93b3Jrc3BhY2UvYXJhY2huaS9saWIvYXJhY2huaQ==
+user_agent: Arachni/v0.4.5
+http_timeout: 50000
+datastore:
+  :token: !binary |-
+    OWUzMjEzY2VkZjRkMjgyNDlmZmZmYzRkN2M2N2JjZTA3OWFiY2U3ZThiOTBm
+    YzBlYTlmZjg5NGVmMDhiYTUyNw==
+redundant: {}
+grid_mode: 
+https_only: false
+obey_robots_txt: false
+fuzz_methods: false
+audit_cookies_extensively: false
+exclude_binaries: false
+auto_redundant: 
+depth_limit: 
+link_count_limit: 
+redirect_limit: 20
+lsmod: []
+lsrep: []
+http_req_limit: 20
+http_username: 
+http_password: 
+mods: []
+reports: {}
+exclude: []
+exclude_pages: []
+exclude_cookies: []
+exclude_vectors: []
+include: []
+lsplug: []
+plugins: {}
+rpc_instance_port_range:
+- 1025
+- 65535
+load_profile: []
+restrict_paths: []
+extend_paths: []
+custom_headers: {}
+min_pages_per_instance: 30
+max_slaves: 10
+no_fingerprinting: false
+platforms: []
+spawns: 0
+rpc_address: localhost
+url: 
+start_datetime: 
+cookies: 
+finish_datetime: 
+delta_time: 
+audit_links: 
+audit_forms: 
+audit_cookies: 
+audit_headers: 
+authed_by: 
+cookie_jar: 
+cookie_string: 
+no_protocol_for_url: 
+save_profile: 
+nickname: 
+rpc_port: 17565
+rpc_socket: 
+neighbour: 
+node_ping_interval: 
+pipe_id: 
+weight: 
+cost: 
+--------------------------------------------------------------------------------
+[2013-09-12 19:43:02 +0300] Test

data/spec/support/servers/modules/audit/file_inclusion.rb

@@ -0,0 +1,202 @@
+require 'sinatra'
+require 'sinatra/contrib'
+
+def default
+    "default.html"
+end
+
+FILE_TO_PLATFORM = {
+    '/boot.ini'          => :windows,
+    '/windows/win.ini'   => :windows,
+    '/winnt/win.ini'     => :windows,
+    '/etc/passwd'        => :unix,
+    '/proc/self/environ' => :unix,
+    '/WEB-INF/web.xml'   => :tomcat
+}
+
+OUT = {
+    unix:    'root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+
+DOCUMENT_ROOT=/home/www/web424/htmlGATEWAY_INTERFACE=CGI/1.1HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8HTTP_ACCEPT_ENCODING=gzip, deflateHTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5HTTP_CONNECTION=keep-aliveHTTP_DNT=1HTTP_HOST=www.kaffeehausleclub.deHTTP_USER_AGENT=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0PATH=/bin:/usr/binPHPRC=/etc/apache2/confixx_php/web424/1QUERY_STRING=inhalt=/proc/self/environREDIRECT_STATUS=200REMOTE_ADDR=79.107.71.228REMOTE_PORT=48720REQUEST_METHOD=GETREQUEST_URI=/inhalt/start.php?inhalt=/proc/self/environSCRIPT_FILENAME=/home/www/web424/html/inhalt/start.phpSCRIPT_NAME=/inhalt/start.phpSERVER_ADDR=87.119.215.14SERVER_ADMIN=[no address given]SERVER_NAME=www.kaffeehausleclub.deSERVER_PORT=80SERVER_PROTOCOL=HTTP/1.1SERVER_SIGNATURE=
+Apache/2.2.16 (Debian) Server at www.kaffeehausleclub.de Port 80
+SERVER_SOFTWARE=Apache/2.2.16 (Debian)UNIQUE_ID=Uf6y2Fd31w4AAHYyW8AAAAAk
+',
+    windows: '[boot loader]
+timeout=30
+default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
+[operating systems]
+multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
+
+; for 16-bit app support
+[fonts]
+[extensions]
+[mci extensions]
+[files]
+[Mail]
+MAPI=1
+CMC=1
+CMCDLLNAME32=mapi32.dll
+CMCDLLNAME=mapi.dll
+MAPIX=1
+',
+    tomcat: '<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
+  <display-name>VulnerabilityDetectionChallenge</display-name>
+  <welcome-file-list>
+    <welcome-file>index.html</welcome-file>
+    <welcome-file>index.htm</welcome-file>
+    <welcome-file>index.jsp</welcome-file>
+    <welcome-file>default.html</welcome-file>
+    <welcome-file>default.htm</welcome-file>
+    <welcome-file>default.jsp</welcome-file>
+  </welcome-file-list>
+
+  <!-- Define a Security Constraint on this Application -->
+  <security-constraint>
+    <web-resource-collection>
+     <web-resource-name>Weak authentication - basic</web-resource-name>
+     <url-pattern>/passive/session/weak-authentication-basic.jsp</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+     <role-name>tomcat</role-name>
+     <role-name>role1</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <!-- Define the Login Configuration for this Application -->
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>Application</realm-name>
+    <!--realm-name>Weak authentication - basic</realm-name-->
+  </login-config>
+
+  <!-- Security roles referenced by this web application -->
+  <security-role>
+    <description>
+      The role that is required to access protected pages
+    </description>
+     <role-name>tomcat</role-name>
+  </security-role>
+
+  <security-role>
+    <description>
+      The role that is required to access protected pages
+    </description>
+     <role-name>role1</role-name>
+  </security-role>
+',
+    php: '
+An error occurred in script,
+Failed opening \'stuff\' for inclusion,
+Failed opening required,
+failed to open stream: stuff,
+<b>Warning<b>: file,
+<b>Warning<b>: read_file,
+<b>Warning<b>: highlight_file,
+<b>Warning<b>: show_source
+',
+    perl: '
+in stuff at stuff line 10.'
+}
+
+def get_variations( system, str )
+    return if !str
+    str = str.split( "\0" ).first
+    str = str.split( 'file:/' ).last
+    str = str.split( 'c:' ).last
+    file = File.expand_path( str ).gsub( /\/+/, '/' )
+
+    return if system != FILE_TO_PLATFORM[file] && system != :php && system != :perl
+
+    OUT[FILE_TO_PLATFORM[file]]
+end
+
+OUT.keys.each do |system|
+    system_str = system.to_s
+
+    get '/' + system_str do
+        <<-EOHTML
+            <a href="/#{system_str}/link?input=default">Link</a>
+            <a href="/#{system_str}/form">Form</a>
+            <a href="/#{system_str}/cookie">Cookie</a>
+            <a href="/#{system_str}/header">Header</a>
+        EOHTML
+    end
+
+    get "/#{system_str}/link" do
+        <<-EOHTML
+            <a href="/#{system_str}/link/straight?input=#{default}">Link</a>
+            <a href="/#{system_str}/link/with_null?input=#{default}">Link</a>
+        EOHTML
+    end
+
+    get "/#{system_str}/link/straight" do
+        return if params['input'].start_with?( default ) || params['input'].include?( "\0" )
+        get_variations( system, params['input'] )
+    end
+
+    get "/#{system_str}/link/with_null" do
+        return if !params['input'].end_with?( "\00.html" )
+        get_variations( system, params['input'].split( "\0.html" ).first )
+    end
+
+    get "/#{system_str}/form" do
+        <<-EOHTML
+            <form action="/#{system_str}/form/straight" method='post'>
+                <input name='input' value='#{default}' />
+            </form>
+
+            <form action="/#{system_str}/form/with_null" method='post'>
+                <input name='input' value='#{default}' />
+            </form>
+
+        EOHTML
+    end
+
+    post "/#{system_str}/form/straight" do
+        return if params['input'].start_with?( default ) || params['input'].include?( "\0" )
+        get_variations( system, params['input'] )
+    end
+
+    post "/#{system_str}/form/with_null" do
+        return if !params['input'].end_with?( "\00.html" )
+        get_variations( system, params['input'].split( "\0.html" ).first )
+    end
+
+    get "/#{system_str}/cookie" do
+        <<-HTML
+            <a href="/#{system_str}/cookie/straight">Cookie</a>
+        HTML
+    end
+
+    get "/#{system_str}/cookie/straight" do
+        cookies['cookie'] ||= default
+        return if cookies['cookie'].start_with?( default )
+
+        get_variations( system, cookies['cookie'] )
+    end
+
+    get "/#{system_str}/header" do
+        <<-EOHTML
+            <a href="/#{system_str}/header/straight">Header</a>
+            <a href="/#{system_str}/header/with_null">Header</a>
+        EOHTML
+    end
+
+    get "/#{system_str}/header/straight" do
+        default = 'arachni_user'
+        return if env['HTTP_USER_AGENT'].start_with?( default ) || env['HTTP_USER_AGENT'].include?( "\0" )
+
+        get_variations( system, env['HTTP_USER_AGENT'] )
+    end
+
+    get "/#{system_str}/header/with_null" do
+        default = 'arachni_user'
+        return if !env['HTTP_USER_AGENT'].end_with?( "\00.html" )
+
+        get_variations( system, env['HTTP_USER_AGENT'] )
+    end
+
+end