Update README.md

README.md

@@ -5,17 +5,24 @@ CVE-2023-33381: OS command injection on MitraStar GPT-2741GNAC
 ### Firmware Version: AR_g5.8_110WVN0b7_2
 ### Vulnerability Description:
 
-
+When logging in via SSH, it was apparent that one would be directed to a restricted shell instead of the expected full shell access.
 ![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/b5840811-334d-45d5-b3e3-7863969165a3)
 
+After exploring several known vulnerabilities, I decided to delve into the search for new ones. To begin, I logged into the administrative portal and began testing various functionalities that could potentially result in OS command injection. Within the Diagnostic menu, I came across a particular feature that allowed me to test connectivity using the ping and traceroute commands.
 ![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/8ab3f70a-2291-4491-a989-9c49b5c69592)
 
 ![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/ab39a419-e528-4fa4-ae4f-0c4379c5c316)
 
+So, I decided to try something sneaky by adding a ";" character to my command. I executed "cat /etc/passwd" and guess what? The command ran successfully.
+
 ![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/d9c780f9-649e-49a7-bb19-305abff583db)
 
+So, I decided to try something sneaky by adding a ";" character to my command. I executed "cat /etc/passwd" and guess what? The command ran successfully.
+
 ![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/729a7bf7-118b-4146-a2ec-3de32de9487e)
 
+As clearly illustrated in the image below, the modifications I made have enabled me to login and freely execute commands like "uname" and "cat"
+
 ![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/8ee5c6ba-b4c6-4a3f-829a-ebeb5945f18b)
 
 ### Root of cause