Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
Format String Vulnerability
Topics
Format String Page 1
Format String
Format String Page 2
Function with Varying Length of Arguments
Format String Page 3
How Format String Works
Format String Page 4
prinftf() with missing arguments
Format String Page 5
A Vulnerable Program
Format Parameters
Format String Page 6
Crash the Program
Format String Page 7
Print out Secret Value Question: How to print out some secret valued stored on the stack?Question: How to print out a secret string stored at address 0xaabbccdd?
Format String Page 8
Modify MemoryQuestion: How to modify the data stored on the stack? Question: How to modify the data stored at address 0xaabbccdd?
Format String Page 9
Modify Memory with Specific ValueQuestion: How to modify the data stored at address 0xaabbccdd with value 0x23a402bc?
Format String Page 10
Code Injection
Question: How to use format string vulnerability to jump to injected shellcode?
Format String Page 11