Format String Vulnerability
Hi. Today I learned about the format string vulnerability as part of binary exploitation. In C we normally use %d, %u and similar (called format specifiers) to indicate the position of variables in the output. We can exploit this feature and write arbitrary content to the buffer using this vulnerability. We can use %p to print a pointer value in C. We can supply this as the argument to the printf() function to print pointer locations. Then we need to find the pointer location at which the call to printf is made, using a debugger like gdb, and can add the address to our input to modify the program. We can also perform a buffer overflow with this vulnerability.
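The root cause described above is untrusted input reaching printf() as the format argument. The following is an added example, not code from the original post: it shows the vulnerable call next to the fixed one, plus a small check that counts format directives in an input string. The function names and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (kept out of the default build): the untrusted string
 * is used as the format, so any %p, %x or %n in it is interpreted. */
#ifdef DEMO_VULNERABLE
int render_unsafe(char *out, size_t n, const char *user) {
    return snprintf(out, n, user);
}
#endif

/* Hardened pattern: the format is a constant and the untrusted string is
 * only ever a data argument, so its % sequences are copied verbatim. */
int render_safe(char *out, size_t n, const char *user) {
    return snprintf(out, n, "%s", user);
}

/* Defensive check for logging or input validation (hypothetical helper):
 * counts conversion directives in s ("%%" is a literal percent sign and
 * is skipped) and sets *has_n when a %n write directive is present. */
int count_directives(const char *s, int *has_n) {
    int count = 0;
    *has_n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }
        /* skip positional index, flags, width, precision, length modifiers */
        size_t j = i + 1;
        while (s[j] != '\0' && strchr("0123456789$#-+ '.*hlLqjzt", s[j])) j++;
        if (s[j] == '\0') break;          /* dangling '%' at end of input */
        count++;
        if (s[j] == 'n') *has_n = 1;
        i = j;
    }
    return count;
}

int main(void) {
    const char *input = "%p.%p.%n";       /* constructed sample input */
    char buf[64];
    int has_n;
    render_safe(buf, sizeof buf, input);
    printf("safe output : %s\n", buf);
    printf("directives  : %d\n", count_directives(input, &has_n));
    printf("contains %%n : %s\n", has_n ? "yes" : "no");
    return 0;
}
```

Compiling with -Wformat -Wformat-security makes gcc and clang warn about the vulnerable call, which is the cheapest way to find this pattern in existing code.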