title: Format String Vulnerabilities
categories: [cheatsheets]
Format string exploits occur when user-supplied input is used as the format string of printf (or any other format string function).
Functions to look for:
User input is usually stored on the stack, so with enough format specifiers you can read your own input back:
For example:
> fstring AAAAAA%x%x%x....%x%x
> output: bff2132a bff29b2a ... 41414141  (41414141 is the "AAAA" from the input)
With that you can read strings from arbitrary addresses using:
> fstring "\xde\xad\xbe\xef%x%x...%x%x%s"
(the leading bytes are the target address, here the placeholder 0xdeadbeef, followed by enough %x to reach it on the stack and a %s to dereference it)
All those %x%x%x are not needed: direct parameter access lets you pick an argument by position, e.g. fstring "%3$x" to read the 3rd value.
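The vulnerable call beside its hardened form, a check for conversion specifiers in text that is about to reach a format function, and the %n$ positional syntax with program-controlled arguments, as an added C example (not code from the original cheatsheet; the helper names and the sample input are mine):

```c
#include <stdio.h>
#include <string.h>
static char out[64];   /* shared output buffer for the demo helpers */

/* Vulnerable pattern: untrusted text is the format string itself, so any
 * conversion it contains is interpreted (the bug this cheatsheet describes). */
const char *vulnerable_format(const char *in)
{
    snprintf(out, sizeof out, in);   /* -Wformat-security flags this line */
    return out;
}
/* Hardened pattern: the format is a literal and the input is only data. */
const char *safe_format(const char *in)
{
    snprintf(out, sizeof out, "%s", in);
    return out;
}

/* Defensive check: count conversion specifiers in text that is about to reach
 * a format function. "%%" is a literal percent sign and is not counted. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;          /* escaped percent: skip the pair */
        else
            count++;
    }
    return count;
}

/* Direct parameter access (POSIX "%n$"), the syntax behind "%3$x" above,
 * shown here with arguments the program itself controls. */
const char *positional_demo(void)
{
    snprintf(out, sizeof out, "%2$s %1$s", "world", "hello");
    return out;
}
int main(void)
{
    const char *input = "100%% done";   /* constructed sample input */
    printf("vulnerable: %s\n", vulnerable_format(input));   /* 100% done */
    printf("safe:       %s\n", safe_format(input));         /* 100%% done */
    printf("positional: %s\n", positional_demo());          /* hello world */
    return 0;
}
```

With the same input, the vulnerable call consumes the "%%" as a directive while the hardened call echoes it verbatim; the counter is a cheap guard to apply before any untrusted text is allowed near a format argument.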