custom cgi script broken since v24-RC3 ?

frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Tue Jul 28, 2009 6:54
Yes, it's still running, but I still have version 12523 just before this fix.

I will do an upgrade later this day and post the result (I have no physical access to my router and this exploit probably doesn't hurt me as it all goes through my reverse proxy first which sanitizes the http-headers).

_________________
Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge

DD-WRT v24-sp2 vpn (c) 2010 NewMedia-NET GmbH
Release: 12/16/10 (SVN revision: 15758M)
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Tue Jul 28, 2009 12:26
I just "upgraded" and my asterisk script now doesn't work anymore.


http://svn.dd-wrt.com:8000/dd-wrt/ticket/1182#comment:1

M450
DD-WRT Novice


Joined: 16 Jul 2009
Posts: 10

Posted: Fri Aug 28, 2009 15:49
I was looking to host my Chillispot login page, hotspotlogin.cgi, on the router using this feature and couldn't figure out why it wasn't working until I read this...

So basically they removed the feature to host dynamic web pages as cgi scripts due to the vulnerability posted at milw0rm. What's the next option? Will installing lighttpd or mini-httpd via ipkg allow it?
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sat Aug 29, 2009 1:20
I've edited the wiki to indicate it's no longer working.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
chune
DD-WRT Novice


Joined: 05 Nov 2010
Posts: 30

Posted: Tue Nov 09, 2010 4:25
Is there a workaround for this to enable cgi/sh scripts to run? I'm running DD-WRT v24-sp2 (10/26/10) micro-plus-ssh - build 15508M NEWD Eko on my 54g2v1 and am unsure if it is safe to downgrade to an earlier micro plus ssh build that had cgi scripts enabled.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Tue Nov 09, 2010 7:35
chune wrote:
Is there a workaround for this to enable cgi/sh scripts to run? I'm running DD-WRT v24-sp2 (10/26/10) micro-plus-ssh - build 15508M NEWD Eko on my 54g2v1 and am unsure if it is safe to downgrade to an earlier micro plus ssh build that had cgi scripts enabled.

The shell commands in micro and micro+ssh builds are very limited so you wouldn't be able to do much anyways. The basic functionality has been somewhat reimplemented in a more restrictive manner and is called 'mypage'. Search for the original mypage post for an explanation of how to set the nvram variable to link to scripts which will then be viewable through the GUI. You'll probably need a micro+ build (not micro+ssh) to get a decent set of shell commands to work with.

What is your overall goal?

chune
DD-WRT Novice


Joined: 05 Nov 2010
Posts: 30

Posted: Tue Nov 09, 2010 8:20
I actually just got it all working 5 mins ago. I successfully downgraded my wrt54g2v1 to dd-wrt.v24-12476_NEWD_micro-plus_ssh.bin that had the cgi support and ran my script.
I'm making a remote start for my car that runs over wifi so I can start it from my phone.

I'm putting this router in my car hardwired to 12v (with a buck regulator, don't worry) so it's always on. Running it in repeater mode (I wish autoAP supported WPA encryption) so it will auto connect to my work and home wifi when they are in range (same SSID/WPA keys).

The script is just turning on 3 different GPIOs and holding them for a set time. Accessory, then glowplug (held for 12 secs), then starter (held for 1 sec). Then on the board I have soldered a trigger wire from the GPIO pads to 3 solid state relays that will then use the +3.3 TTL voltage to bridge +12v to my car's accessory/glowplug/starter lines.

I have the script saved as gpio.cgi in /tmp/www/cgi-bin and then the starter.html page w/ the button using AJAX to call the cgi script saved in /tmp/www/. Everything works great but after the script executes, it asks for the router login.

I'm sure there's a better way to call the script but this is my first wrt mod so be easy =) Any input is very welcome.
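
Editor's added example (not chune's script and not DD-WRT code): a gpio.cgi-style handler for the sequence described in the post above that treats the request as untrusted, accepts one fixed action, and never interpolates request data into a command. The pin numbers, the `GPIO_CMD` hook (assumed to take `enable|disable <pin>`), the lock path and the choice to leave the accessory line on are hypothetical.

```sh
#!/bin/sh
# Added example: hardened CGI handler for a fixed GPIO sequence.
# Assumptions (hypothetical): pin numbers, lock path, and GPIO_CMD, which on
# the router would name the firmware's gpio tool; the default only records.

ACC_PIN=2 GLOW_PIN=3 START_PIN=4        # hypothetical GPIO pads
GPIO_CMD=${GPIO_CMD:-record_gpio}       # dry-run recorder unless overridden
GPIO_LOG=""
LOCK=${LOCK:-/tmp/starter.lock}
STATUS=""

record_gpio() { GPIO_LOG="$GPIO_LOG$1:$2 "; }

pulse() {  # pulse <pin> <seconds>: hold a pin high, then release it
    "$GPIO_CMD" enable "$1"
    sleep "$2"
    "$GPIO_CMD" disable "$1"
}

# handle_request <method> <query-string>; sets STATUS to an HTTP status code.
handle_request() {
    # State-changing action: refuse anything but POST.
    [ "$1" = "POST" ] || { STATUS=405; return 0; }
    # Allowlist: the whole query string must equal the one known action.
    case "$2" in
        action=start) ;;
        *) STATUS=400; return 0 ;;
    esac
    # mkdir is atomic, so a second request cannot overlap a running sequence.
    mkdir "$LOCK" 2>/dev/null || { STATUS=409; return 0; }
    "$GPIO_CMD" enable "$ACC_PIN"            # accessory stays on (assumption)
    pulse "$GLOW_PIN" "${GLOW_SECS:-12}"     # glowplug hold time from the post
    pulse "$START_PIN" "${START_SECS:-1}"    # starter hold time from the post
    rmdir "$LOCK"
    STATUS=200
}

# Run as CGI only when a web server set the CGI environment.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    handle_request "${REQUEST_METHOD:-}" "${QUERY_STRING:-}"
    printf 'Status: %s\r\nContent-Type: text/plain\r\n\r\n%s\n' "$STATUS" "$STATUS"
fi
```

The handler performs no authentication itself; it relies on the web server in front of it to require a login before the script is reached.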