
Format String Exploitation with limited number of characters possible?

Çağlar Arlı

Is the exploitation of a format string vulnerability possible if the number of characters you're allowed to enter is limited?

Let's say I'm only allowed to enter input of 23 characters. I can read the stack like this of course:

AAAA%1$08xBBBBBBBBBBBBB
...
AAAA%576$08xBBBBBBBBBBB

But is it possible to exploit it somehow? (Shell, ...)

The system behind it is a Linux server I am accessing with netcat. It is running a simple ELF which performs the string length check and then calls the vulnerable printf function.
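From the defender's side, the length check described above limits how long the input is, not how printf interprets it. The following is an added example, not part of the original post or the program it describes: a scanner that flags conversion directives in untrusted input for logging, and a hardened echo that keeps the length check but passes the input as data. The names `scan_format_directives`, `echo_safely` and `MAX_INPUT` are hypothetical, and the sample strings other than the one quoted from the question are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_INPUT 23 /* length limit taken from the question */
enum fmt_risk { FMT_NONE, FMT_READ, FMT_WRITE };

/* Hypothetical helper: scan untrusted text for printf conversion specifications.
 * FMT_WRITE = %n (stores through a pointer argument), FMT_READ = any other
 * conversion (fetches an argument), FMT_NONE = plain text and literal "%%". */
enum fmt_risk scan_format_directives(const char *s)
{
    enum fmt_risk risk = FMT_NONE;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[++i] == '%')
            continue; /* literal percent sign */
        /* skip positional index, flags, width, precision, length modifiers */
        while (s[i] && (isdigit((unsigned char)s[i]) || strchr("$-+ #'*.hlLqjzt", s[i])))
            i++;
        if (s[i] == '\0')
            break; /* directive cut off by end of input */
        if (s[i] == 'n')
            return FMT_WRITE;
        if (strchr("diouxXeEfFgGaAcspCS", s[i]))
            risk = FMT_READ;
    }
    return risk;
}

/* Hardened echo (hypothetical): keep the length check, but pass the input as
 * data to a constant format string, so directives are printed, not interpreted. */
int echo_safely(const char *input, char *out, size_t outlen)
{
    if (strlen(input) > MAX_INPUT)
        return -1;
    return snprintf(out, outlen, "%s", input);
}

int main(void)
{
    /* Constructed samples; the first is the 23-character input from the question. */
    const char *samples[] = { "AAAA%1$08xBBBBBBBBBBBBB", "disk 100%% full", "x%ny" };
    char out[64];
    for (size_t i = 0; i < 3; i++)
        if (echo_safely(samples[i], out, sizeof out) >= 0)
            printf("risk=%d echoed=\"%s\"\n", (int)scan_format_directives(samples[i]), out);
    return 0;
}
```

The scanner is useful for alerting on probing attempts in logs; the actual fix is the constant `"%s"` format string, which makes the content of the input irrelevant to printf.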