/usr/share/doc/w3af-console/examples/script-sqli.w3af is in w3af-console 1.0-rc3svn3489-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | # BlindSql exploit after sqli finds vuln
plugins
output console,textFile
output config textFile
set fileName output-w3af.txt
set verbose True
back
output config console
set verbose False
back
audit sqli
back
target
set target http://localhost/w3af/audit/sql_injection/select/sql_injection_string.php?name=andres
back
start
assert len(kb.kb.getData('sqli','sqli')) == 1
back
exit
|