[Cerowrt-devel] bash exploit heads up

Eric S. Johansson esj at eggo.org
Wed Sep 24 18:00:34 EDT 2014


On 9/24/2014 5:54 PM, Eric S. Johansson wrote:
>
> On 9/24/2014 5:45 PM, Dave Taht wrote:
>> shows vulnerable for bash, not sh, on openwrt and cerowrt. That said,
>> it makes me nervous. I've never really liked the redir.sh method cero
>> uses to bounce people to the right web interface... suggestions to do
>> it in javascript or something safer desired.
>>
>
> http://www.w3.org/QA/Tips/reback
>
> I'll take a look in the next couple of days if no one beats me to it.

looked a bit further. assuming you are still using lighthttpd, it looks 
like we should be able to to it from the lighthttp config
http://redmine.lighttpd.net/projects/1/wiki/docs_modredirect



More information about the Cerowrt-devel mailing list