Format0 introduces format string vulnerabilities.
The vulnerability relies on the fact that user input is not sanitized and can be used as the format string fed into the `printf` family.
In this example `sprintf()` is used. It takes at least 2 arguments: the destination string and the source string, which `sprintf()` interprets as a format string.
The idea is to do a classic buffer overflow and write `0xdeadbeef` to `target`.
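As an added example (not code from the original page or from the challenge), the program below shows why checking the length of the input does not help once the input is used as the format string, next to the hardened form that treats it as data. `BUF_SIZE`, `expanded_len`, `copy_untrusted` and the sample input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64  /* assumed size of the destination buffer */

/* Length the printf family would emit if `fmt` were used as the format
 * string. One int argument is supplied so the constructed "%80d" sample
 * is well defined; snprintf(NULL, 0, ...) only measures, it writes nothing. */
static int expanded_len(const char *fmt)
{
    return snprintf(NULL, 0, fmt, 0);
}

/* Hardened copy: the input is data for a fixed "%s" format and the write
 * is bounded by dst_size. Returns 0 on success, -1 if the input did not
 * fit (dst is then truncated but still NUL-terminated). */
static int copy_untrusted(char *dst, size_t dst_size, const char *input)
{
    int n = snprintf(dst, dst_size, "%s", input);
    return (n < 0 || (size_t)n >= dst_size) ? -1 : 0;
}

int main(void)
{
    const char *sample = "%80d";  /* constructed input, 4 bytes long */
    char buf[BUF_SIZE];

    /* The input is far shorter than the buffer, yet the output that an
     * unbounded sprintf(buf, sample) would produce is longer than it. */
    printf("input length:    %zu\n", strlen(sample));
    printf("expanded length: %d (buffer holds %d)\n",
           expanded_len(sample), BUF_SIZE);

    /* With a fixed format the directive is copied literally. */
    if (copy_untrusted(buf, sizeof buf, sample) == 0)
        printf("hardened copy:   \"%s\"\n", buf);
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang flag a `sprintf(buffer, string)` call that passes a non-literal format with no arguments.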
Here's the exploit: