Is the exploitation of a format string vulnerability possible if the number of characters you're allowed to enter is limited?
Let's say I'm just allowed to enter input with 23 characters. I can read the stack like this of course: AAAA%1$08xBBBBBBBBBBBBB ... AAAA%576$08xBBBBBBBBBBB
But is it possible to exploit it somehow? (Shell, ...)
The system behind it is a Linux server I am accessing with netcat. It is running a simple ELF which makes the string length check and then calls the vulnerable printf function.
http://dlvr.it/Rzjyd7