In this paper I will walk the reader through the process of writing a code execution exploit that runs on a MIPS device. The exploit described in this paper targets an actual vulnerability in the ZHONE router gateway that I published in October 2015. More information about the vulnerability can be found here:
Triggering the stack overflow is rather easy with a simple one-liner that sends an overlong string to the router’s Web Administrative Console.
GET /<7000 A’s>.cgi HTTP/1.1
<Other HTTP Headers>
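The defensive counterpart to the request above, as an added example that is not from the original paper or from the router's firmware: a request-line parser that measures the request target before copying it and answers 414 when it does not fit, rather than copying it into a fixed stack buffer. The function names and the 256-byte `MAX_TARGET` limit are assumptions made for illustration; the page does not state the device's real buffer size.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TARGET 256  /* assumed limit; the real buffer size is not on the page */

/* Parse "METHOD SP target SP HTTP/x.y" and copy the target into out.
 * Returns 0 on success, 414 if the target does not fit, 400 if malformed. */
int parse_request_target(const char *line, char *out, size_t out_sz)
{
    const char *sp1 = strchr(line, ' ');
    if (sp1 == NULL || sp1 == line)
        return 400;                      /* no method */
    const char *start = sp1 + 1;
    const char *sp2 = strchr(start, ' ');
    if (sp2 == NULL || sp2 == start)
        return 400;                      /* no target or no version */
    if (strncmp(sp2 + 1, "HTTP/", 5) != 0)
        return 400;
    size_t len = (size_t)(sp2 - start);
    if (len >= out_sz)                   /* length check happens before any copy */
        return 414;                      /* URI Too Long */
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

/* Build a constructed request line "GET /<n x 'A'>.cgi HTTP/1.1" (the shape
 * of the trigger shown above) and return what the parser answers for it. */
int check_filler_request(size_t n)
{
    static char line[8192];
    char target[MAX_TARGET];
    if (n + 32 > sizeof line)
        return -1;                       /* sample would not fit the scratch line */
    memcpy(line, "GET /", 5);
    memset(line + 5, 'A', n);
    strcpy(line + 5 + n, ".cgi HTTP/1.1");
    return parse_request_target(line, target, sizeof target);
}

int main(void)
{
    printf("short path: %d\n", check_filler_request(10));
    printf("7000-byte path: %d\n", check_filler_request(7000));
    return 0;
}
```
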