The patch for this failed miserably. We already evade the curl blacklisting by using requests, however we will need to very slightly tweak our command injection payload to evade a blacklist against the ' (0x27, lol) character.
I'll implement and test this, and verify it works on both old and new firmwares.
The patch for this failed miserably. We already evade the
curl
blacklisting by usingrequests
, however we will need to very slightly tweak our command injection payload to evade a blacklist against the ' (0x27, lol) character.I'll implement and test this, and verify it works on both old and new firmwares.