Case 37 and a few similar test cases (which perform slash validation) don't
work properly on Linux.
Although under Windows the could be bypassed by replacing / with \, or by
accessing one of the files installed by default in tomcat's root directory
(minor), in Linux that does not seem to work.
For the moment - the best way to reproduce the benchmark results is to use
wavsep on windows XP or windows 7 (right click and run tomcat as admin), and
although the vast majority of test cases will work on Linux, several LFI test
cases might not.
Reported by Tasos Laskos (arachni's developer).
Original issue reported on code.google.com by sectoola...@gmail.com on 25 Jul 2012 at 8:41
Original issue reported on code.google.com by
sectoola...@gmail.comon 25 Jul 2012 at 8:41