From 49db41f41ffe42f305b7f542012b63a762744a55 Mon Sep 17 00:00:00 2001 From: acerjt <38390343+acerjt@users.noreply.github.com> Date: Tue, 24 Sep 2024 16:43:00 +0700 Subject: [PATCH] Update README.md fix typo --- binary-exploitation/format-strings/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/binary-exploitation/format-strings/README.md b/binary-exploitation/format-strings/README.md index ec4d33e51..a8fec33f3 100644 --- a/binary-exploitation/format-strings/README.md +++ b/binary-exploitation/format-strings/README.md @@ -92,7 +92,7 @@ printf("$4%x") and read directly the forth. -Notice that the attacker controls the `pr`**`intf` parameter, which basically means that** his input is going to be in the stack when `printf` is called, which means that he could write specific memory addresses in the stack. +Notice that the attacker controls the `printf` **parameter, which basically means that** his input is going to be in the stack when `printf` is called, which means that he could write specific memory addresses in the stack. {% hint style="danger" %} An attacker controlling this input, will be able to **add arbitrary address in the stack and make `printf` access them**. In the next section it will be explained how to use this behaviour. 
@@ -167,7 +167,7 @@ Arbitrary reads can be useful to: ## **Arbitrary Write** -The formatter **`$%n`** **writes** the **number of written bytes** in the **indicated address** in the \ param in the stack. If an attacker can write as many char as he will with printf, he is going to be able to make **`$%n`** write an arbitrary number in an arbitrary address. +The formatter **`%$n`** **writes** the **number of written bytes** in the **indicated address** in the \ param in the stack. If an attacker can write as many char as he will with printf, he is going to be able to make **`%$n`** write an arbitrary number in an arbitrary address. Fortunately, to write the number 9999, it's not needed to add 9999 "A"s to the input, in order to so so it's possible to use the formatter **`%.%$n`** to write the number **``** in the **address pointed by the `num` position**.
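Review bot: In the first hunk (README.md, @@ -92,7), the unchanged context line just above the fix still reads `printf("$4%x")`, which has the same kind of transposition this commit corrects elsewhere: the positional form puts the argument index between `%` and `$`, i.e. `%4$x`. Since this is a typo-fix commit, that line could be corrected in the same change, along with "forth" to "fourth". The added line also keeps the bold span around "parameter, which basically means that", which emphasizes a connective phrase rather than a term; dropping the bold there would read more cleanly.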
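Review bot: In the second hunk (@@ -167,7), the replacement `%$n` is still not a complete specifier as it appears here: a positional `%n` needs the argument index between `%` and `$`, so the sentence should show a placeholder such as `%<num>$n`, and the "\ param" in the same sentence looks like it has lost that same placeholder. The trailing context line has the same gap in `%.%$n` and in the empty bold span after "write the number", plus the typo "in order to so so"; restoring the placeholders there (for example `%.<num-write>x%<num>$n`) and fixing the wording would fit in this commit.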