EChat Server Buffer Overflow Vulnerability in chat.ghp Endpoint Allowing Arbitrary Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in EChat Server version 3.1, specifically within the chat.ghp endpoint. This vulnerability allows remote attackers to execute arbitrary code by sending a GET request with an oversized username parameter. The malicious username can include shellcode and Return-Oriented Programming (ROP) gadgets, enabling code execution in the context of the application.

Impact

Successful exploitation of this vulnerability leads to arbitrary code execution within the application context. Failed exploitation attempts result in a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a GET request to the chat.ghp endpoint with a username parameter that exceeds the buffer size. The oversized username should be crafted to include shellcode and ROP gadgets. This can be done using a simple script that automates the process, such as one written in Python.
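
For detection, the request shape described above (a GET to chat.ghp with an oversized username parameter) can be matched in web access logs. The following is an added example, not part of the original advisory. The 64-byte threshold, the log format and the sample log lines are assumptions constructed for illustration, since the page does not state the buffer size.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the advisory gives no buffer size, so this limit is a tunable
# placeholder chosen to sit well above any ordinary chat username.
MAX_USERNAME_LEN = 64

# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Mar/2026:12:00:01 +0000] "GET /chat.ghp?username=alice HTTP/1.1" 200 512',
    '192.0.2.44 - - [28/Mar/2026:12:00:07 +0000] "GET /chat.ghp?username=' + "A" * 300 + ' HTTP/1.1" 200 0',
    '192.0.2.44 - - [28/Mar/2026:12:00:09 +0000] "GET /chat.ghp?username=bob%01%fe HTTP/1.1" 200 0',
    '192.0.2.51 - - [28/Mar/2026:12:00:12 +0000] "GET /index.ghp?username=' + "A" * 300 + ' HTTP/1.1" 404 0',
]

def username_bytes(target):
    """Return the decoded username as bytes for a chat.ghp request, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/chat.ghp"):
        return None
    # latin-1 maps each percent-encoded byte to one character, so the
    # length check below counts decoded bytes rather than URL characters.
    for key, value in parse_qsl(parts.query, keep_blank_values=True, encoding="latin-1"):
        if key.lower() == "username":
            return value.encode("latin-1", errors="replace")
    return None

def inspect_line(line):
    """Return the reasons a log line is suspicious; an empty list means clean."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "GET":
        return []
    value = username_bytes(m.group("target"))
    if value is None:
        return []
    reasons = []
    if len(value) > MAX_USERNAME_LEN:
        reasons.append(f"username length {len(value)} > {MAX_USERNAME_LEN}")
    if any(b < 0x20 or b > 0x7E for b in value):
        reasons.append("username contains non-printable bytes")
    return reasons

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hits = inspect_line(entry)
        if hits:
            print(entry.split()[0], "->", "; ".join(hits))
```

Because failed exploitation attempts cause a denial of service, a flagged request shortly before the server stops responding is worth correlating with service crash or restart events.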

Added: Mar 28, 2026, 12:29 PM
Updated: Mar 28, 2026, 12:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 10.0
exploitability: 8.9
remediation: 0.0
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.