Yes, it's still running, but I still have version 12523 just before this fix.
I will do an upgrade later this day and post the result (I have no physical access to my router and this exploit probably doesn't hurt me as it all goes through my reverse proxy first which sanitizes the http-headers) _________________ Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
I just "upgraded" and my asterisk script now doesn't work anymore.
http://svn.dd-wrt.com:8000/dd-wrt/ticket/1182#comment:1 _________________ Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
I was looking to host my Chillispot login page, hotspotlogin.cgi, on the router using this feature and couldn't figure out why it wasn't working until I read this...
So basically they removed the feature to host dynamic web pages as cgi scripts due to the vulnerability posted at milw0rm. What's the next option? Will installing lighttpd or mini-httpd via ipkg allow it?
I've edited the wiki to indicate it's no longer working. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
is there a workaround for this to enable cgi/sh scripts to run? Im running DD-WRT v24-sp2 (10/26/10) micro-plus-ssh - build 15508M NEWD Eko on my 54g2v1 and am unsure if it is safe to downgrade to an earlier micro plus ssh build that had cgi scripts enabled
is there a workaround for this to enable cgi/sh scripts to run? Im running DD-WRT v24-sp2 (10/26/10) micro-plus-ssh - build 15508M NEWD Eko on my 54g2v1 and am unsure if it is safe to downgrade to an earlier micro plus ssh build that had cgi scripts enabled
The shell commands in micro and micro+ssh builds are very limited so you wouldn't be able to do much anyways. The basic functionality has been somewhat reimplemented in a more restrictive manor and is called 'mypage'. Search for the original mypage post for an explanation of how to set the nvram variable to link to scripts which will then be viewable through the GUI. You'll probably need a micro+ build (not micro+ssh) to get a decent set of shell commands to work with.
What is your overall goal? _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
i actually just got it all working 5 mins ago. I successfully downgraded my wrt54g2v1 to dd-wrt.v24-12476_NEWD_micro-plus_ssh.bin that had the cgi support and ran my script.
Im making a remote start for my car that runs over wifi so i can start it from my phone.
Im putting this router in my car hardwired to 12v (with a buck regulator, dont worry) so its always on. Running it in repeater mode (i wish autoAP supported WPA encryption) so it will auto connect to my work and home wifi when they are in range(same SSID/WPA keys)
The script is just turning on 3 different GPIOs and holding them for a set time. Accessory, then glowplug(held for 12 secs), then starter(held for 1 sec). Then on the board i have soldered a trigger wire from the GPIO pads to 3 solid state relays that will then use the +3.3 TTL voltage to bridge +12v to my cars accessory/glowplug/starter lines.
i have the script saved as gpio.cgi in /tmp/www/cgi-bin and then the starter.html page w/ the button using AJAX to call the cgi script saved in /tmp/www/. Everything works great but after the script executes, it asks for the router login.
Im sure theres a better way to call the script but this is my first wrt mod so be easy =) any input is very welcome