
Clarification Needed on RCE Exploit Process in Provided PoC #1

@gyuminb

Description


Hello,

I have been experimenting with the PoC provided in this repository, and I'm seeking some clarification on how the buffer overflow condition leads to Remote Code Execution (RCE).

From my understanding and tests, the PoC does successfully create a situation where the buffer length (blen) is less than the difference between the start pointer (bp) and the end pointer (p). However, the execution seems to halt at this point without further exploitation of the buffer overflow.

Typically, for a buffer overflow to lead to RCE, the overflowed buffer needs to overwrite specific memory areas (like the return address on the stack or function pointers). In this case, I am unable to identify how the overflowed buffer is used to alter execution flow or how it could potentially lead to RCE.

Could you please provide more insights or details on how the overflow condition in this PoC is leveraged to achieve RCE? Any additional information on the exploit process post-buffer overflow would be greatly appreciated.

Thank you for your time and assistance.

Best regards,
[Gyumin Baek]
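For readers following this issue, here is an added, constructed C illustration of the relation the question refers to (buffer start `bp`, write cursor `p`, length `blen`, and the overflow state `blen < p - bp`). It is not code from this repository or its PoC; the struct, the function names and the sample sizes are assumptions chosen for the demonstration. It shows the invariant a bounds-checked write path enforces, and how a checker detects the state once an unchecked path has advanced `p` past `bp + blen`.

```c
#include <stddef.h>
#include <string.h>

/* Constructed illustration (not code from this repository): a buffer with
   start pointer bp, write cursor p and length blen is in the overflow state
   described in the issue when blen < p - bp. */
typedef struct {
    char  *bp;    /* start of the buffer */
    char  *p;     /* current write position */
    size_t blen;  /* length of the buffer in bytes */
} bounded_buf;

/* Returns 1 while bp <= p and (p - bp) <= blen, i.e. the cursor is still
   inside the buffer; returns 0 once the overflow condition has occurred. */
int buf_invariant_holds(const bounded_buf *b)
{
    if (b->p < b->bp)
        return 0;
    return (size_t)(b->p - b->bp) <= b->blen;
}

/* Bounds-checked append: writes only if the invariant holds before the copy
   and would still hold after it.  Returns bytes written, 0 when refused. */
size_t buf_append(bounded_buf *b, const char *src, size_t n)
{
    if (!buf_invariant_holds(b))
        return 0;
    size_t used = (size_t)(b->p - b->bp);
    if (n > b->blen - used)          /* would push p past bp + blen */
        return 0;
    memcpy(b->p, src, n);
    b->p += n;
    return n;
}

/* Models an unchecked write path that advances p by n without consulting
   blen.  The backing arrays in the demos below are larger than blen, so the
   cursor stays inside real storage and the demonstration has defined
   behaviour even after the logical bound is exceeded. */
void buf_advance_unchecked(bounded_buf *b, size_t n)
{
    b->p += n;
}

/* Demo 1: checked appends fill exactly blen bytes and refuse the rest. */
size_t demo_checked_total(void)
{
    char storage[64];
    bounded_buf b = { storage, storage, 16 };
    size_t total = 0;
    total += buf_append(&b, "0123456789", 10);   /* accepted, total 10 */
    total += buf_append(&b, "ABCDEF", 6);        /* accepted, total 16 */
    total += buf_append(&b, "X", 1);             /* refused, total 16 */
    return total;                                /* 16 */
}

/* Demo 2: after an unchecked advance, blen < p - bp; the invariant check
   reports the overflow state and later checked appends refuse to write. */
int demo_detects_overflow_state(void)
{
    char storage[64];
    bounded_buf b = { storage, storage, 16 };
    buf_advance_unchecked(&b, 20);               /* p - bp = 20 > blen */
    if (buf_invariant_holds(&b))
        return 0;
    return buf_append(&b, "X", 1) == 0;          /* 1: write refused */
}
```

The point for defenders is that the condition `blen < p - bp` is cheap to assert at every write site; a single unchecked path that moves `p` is enough to violate it, so the invariant check belongs in the write helper rather than at the call sites.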
