When Code Goes Wrong - Format String Exploition

    Date10 Oct 2002
    3674
    Posted ByAnthony Pell
    I will try to keep this article as short and as easy to understand as possible so the average people would understand this concept. What is Format String? Formatstring are the %d, %s, %u, %x, %p %n in your C . . . I will try to keep this article as short and as easy to understand as possible so the average people would understand this concept. What is Format String? Formatstring are the %d, %s, %u, %x, %p %n in your C langauge that you use when using printf and something similar. How is it vulernable? Well, if a program did not use a format string to print a certain data out, It is possible for the user to input formatstring that will gives us reading on the stack.

    Usually i am lazy and i would overwrite the .dtor. .dtor is the destructor that tags along any C program when compiled under gcc. Even if you do not declare a destructor, it'll still get added during compile time. You can overwrite the EIP just like Buffer-overflow. But I am lazy to search for the EIP. So i would do .dtor overwrite. For an indept article on .dtor overwrite, try searching your favorite search engine.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    13
    radio
    [{"id":"55","title":"Yes","votes":"5","type":"x","order":"1","pct":45.45,"resources":[]},{"id":"56","title":"No","votes":"6","type":"x","order":"2","pct":54.55,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.