At the initial authorization handling of WebBBS, If the long longin name or password has been received, this CGI overflows. This overflow overwrites the RET address, EIP can be controlled. This overflow is used to execute any instructions which are included in the user name and password.
6fabd952734503ddb8a5be6907794eb1cc3ef1ea5818b6ffc671fea9adf2308e