README.md 1.1 KB
printf Format Security
by Bryce Dixon tags: scope, control_flow, bugs
Summary
printf is a standard C function that's a great way to easily print data to the console using format specifiers. That being said, it's common knowledge that you should NEVER give a user the ability to directly set the first parameter of a function that can take format specifiers. To pass this challenge, you need to find out why users shouldn't be given full co
Instructions
printf is a standard C function that's a great way to easily print data to the console using format specifiers. That being said, it's common knowledge that you should NEVER give a user the ability to directly set the first parameter of a function that can take format specifiers.
To pass this challenge, you need to find out why users shouldn't be given full control of printf. A vulnerable function will take a string you provide and pass it to printf along with a value you need to modify.
Examples
// No examples! The fun is finding the exploit yourself!
Notes
A format specifier is a character set like %s or %f. Look for one that writes to memory.