The patch for this failed miserably. We already evade the curl blacklisting by using requests, however we will need to very slightly tweak our command injection payload to evade a blacklist against the ' (0x27, lol) character.
I'll implement and test this, and verify it works on both old and new firmwares.
The patch for this failed miserably. We already evade the
curlblacklisting by usingrequests, however we will need to very slightly tweak our command injection payload to evade a blacklist against the ' (0x27, lol) character.I'll implement and test this, and verify it works on both old and new firmwares.