- Wifi disk access at http://192.168.1.1/sdindex.asp is vulneable for arbitrary read/write on any directory.
- After logging in, visit Wifi disk access.
- Set BP on folder click.
- run
sd_current_path = "/";initSDList(0);in the console.
sd_current_path = "/";initSDList(0); in the console.