CiscoRV320Dump icon indicating copy to clipboard operation
CiscoRV320Dump copied to clipboard

Published 20 hours ago verified publisher icon 0x27

Add patch bypass in command injection

Open 0x27 opened this issue 5 years ago • 0 comments

The patch for this failed miserably. We already evade the curl blacklisting by using requests, however we will need to very slightly tweak our command injection payload to evade a blacklist against the ' (0x27, lol) character.

I'll implement and test this, and verify it works on both old and new firmwares.

0x27 avatar Mar 30 '19 01:03 0x27