@samyk is it possible to use a pi zero w to expose the machines to the vulnerability while running a pi 2 server on the same LAN? What do i need to change on the server and pi zero w side? Just the YOUR.DOMAIN part on the pi zero w backdoor.html?

I haven't tested, but yes, should work fine. Don't think anything needs to change other than YOUR.DOMAIN.