Exploiting Format String Vulnerabilities



This article explains the nature of a phenomenon that shocked the security community in the second half of the year 2000. Known as 'format string vulnerabilities', a whole new class of vulnerabilities was disclosed, causing a wave of exploitable bugs to be discovered in all kinds of programs, ranging from small utilities to big server applications.

The article will try to explain the structure of the vulnerability and later use this knowledge to build sophisticated exploits. It will show you how to discover format string vulnerabilities in C source code, and why this new kind of vulnerability is more dangerous than the common buffer overflow vulnerability.

http://doc.bughunter.net/format-string/exploit-fs.html
