Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Command Injection Exploitation in Mi Router 3- 128

Shaun Mirani at ISE (posted 6 years ago)
  • With a blacklist of the characters '`;|$&{} ', the filter looks restrictive enough! But the list forgets other whitespace such as tabs, so attacker-controlled tokens can still be smuggled into the shell command and arbitrary commands executed. A very clever idea :)
  • Additionally, a typo in the source code ends up allowing arbitrary content into the timeout parameter.
  • Additionally, the regex [a-zA-Z0-9$_\-\.\+!*'(),] is too permissive for a URL: it lets $, ( and ) through, which is all a shell needs for $(...) command substitution, so arbitrary commands can be executed.
  • Vulns come in packages of the same type! Once one is found, keep looking for similar ones.
  • This article demonstrates that exploitation can be tricky and messy at times. Being creative with what is available is really important for good exploitation.
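
The two filter flaws in the notes above, reconstructed in Python as an added example. This is not code from the ISE write-up or from the router firmware: the blocklist and the URL regex are taken from the notes, the concatenated `ping ... && wget ...` command line is a hypothetical stand-in for whatever the firmware actually ran, and the hardened variant is my own suggestion, not a patch the vendor shipped.

```python
import re
import shlex
import subprocess
import urllib.parse

# --- The two weak filters, as described in the notes (approximation, not router code) ---

# Blocklist filter: rejects a value if it contains any of these characters.
BLOCKLIST = set("`;|$&{} ")

# "URL" filter: the permissive character class from the notes, anchored to the whole value.
URL_CHARS = re.compile(r"^[a-zA-Z0-9$_\-.+!*'(),]+$")


def passes_blocklist(value: str) -> bool:
    """True if no blocklisted character appears. Tabs and newlines are not on the list."""
    return not any(ch in BLOCKLIST for ch in value)


def passes_url_regex(value: str) -> bool:
    """True if every character is in the class. '$', '(' and ')' are all allowed."""
    return URL_CHARS.fullmatch(value) is not None


def build_command(host: str, url: str) -> str:
    """Hypothetical vulnerable pattern: user input concatenated into one shell string."""
    return f"ping -c 1 {host} && wget {url}"


def shell_tokens(cmdline: str) -> list[str]:
    """How a POSIX shell would split the line into words (tab counts as a separator)."""
    return shlex.split(cmdline)


def has_command_substitution(value: str) -> bool:
    """Detects the $( ... ) syntax the URL regex fails to reject."""
    return "$(" in value and ")" in value


# --- Hardened variant (my suggestion): strict allowlists and argv lists, never a shell ---

HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def hardened_argv(host: str, url: str) -> list[list[str]]:
    """Validate inputs with allowlists and return argv lists for subprocess (shell=False)."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host: {host!r}")
    parts = urllib.parse.urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"rejected url: {url!r}")
    # Each command is a separate argv; no string is ever handed to /bin/sh.
    return [["ping", "-c", "1", host], ["wget", url]]


def run_hardened(host: str, url: str) -> None:
    for argv in hardened_argv(host, url):
        subprocess.run(argv, shell=False, check=False)


if __name__ == "__main__":
    # Constructed sample inputs, not payloads from the article.
    tab_payload = "8.8.8.8\tid"            # blocklist misses the tab
    subst_payload = "$(id)"                # regex admits $ ( ) for substitution

    print("semicolon blocked:", not passes_blocklist("8.8.8.8;id"))
    print("tab passes blocklist:", passes_blocklist(tab_payload))
    print("shell words:", shell_tokens(build_command(tab_payload, "x")))
    print("$(id) passes regex:", passes_url_regex(subst_payload))
    print("hardened argv:", hardened_argv("8.8.8.8", "http://example.com/f"))
```

The lesson the code makes concrete: a blocklist is only as good as the list, and a character-class regex is only as good as the characters it admits. The fix is structural rather than a longer list: validate against a tight allowlist for the data type you expect, and pass the result as argv to the program instead of to a shell.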