4:45am PST - February 16th, 2023

Now, consider the following scenario: there's Full RELRO, PIE and ASLR and you find a format string vulnerability. No NULL bytes allowed: Overwrite __do_global_dtors_aux_fini_array_entry() with a one-gadget in two parts: %58$p (leaked dtor) plus %12$p (your buffer) and get shell! https://t.co/ymy9UTcklh

- Socialk@s (@Disbauxes)