Format String Vulnerability

Format String Vulnerabilities

Why Information Leaks Matter in Modern Exploitation

The ASLR Problem

Modern systems use Address Space Layout Randomization (ASLR) to randomize memory locations:
- Stack addresses change every execution
- Heap addresses randomized
- Library (libc) addresses randomized
- Code addresses randomized (with PIE)

The dilemma:
- You can overflow a buffer and control the return address (this is again assuming we somehow defeated the canary)
- But you don’t know WHERE to point it (shellcode location unknown)
- Even ROP gadget addresses are randomized

You need to LEAK memory addresses first! Format string vulnerabilities are one of the most powerful information leak primitives. ...

December 10, 2025 · 11 min · Sanketh