Merge pull request #942 from acerjt/patch-4

Update README.md
2024-11-21 20:23:18 +00:00 · 2024-09-25 18:46:51 +02:00 · 2024-09-25 18:46:51 +02:00 · 91ac4c3bd4
commit 91ac4c3bd4
parent 93890004fb 49db41f41f
1 changed files with 2 additions and 2 deletions
--- a/binary-exploitation/format-strings/README.md
+++ b/binary-exploitation/format-strings/README.md
@ -92,7 +92,7 @@ printf("%4$x")

 and read directly the forth.

-Notice that the attacker controls the `pr`**`intf` parameter, which basically means that** his input is going to be in the stack when `printf` is called, which means that he could write specific memory addresses in the stack.
+Notice that the attacker controls the `printf` **parameter, which basically means that** his input is going to be in the stack when `printf` is called, which means that he could write specific memory addresses in the stack.

 {% hint style="danger" %}
 An attacker controlling this input, will be able to **add arbitrary address in the stack and make `printf` access them**. In the next section it will be explained how to use this behaviour.
@ -167,7 +167,7 @@ Arbitrary reads can be useful to:

 ## **Arbitrary Write**

-The formatter **`$<num>%n`** **writes** the **number of written bytes** in the **indicated address** in the \<num> param in the stack. If an attacker can write as many char as he will with printf, he is going to be able to make **`$<num>%n`** write an arbitrary number in an arbitrary address.
+The formatter **`%<num>$n`** **writes** the **number of written bytes** in the **indicated address** in the \<num> param in the stack. If an attacker can write as many char as he will with printf, he is going to be able to make **`%<num>$n`** write an arbitrary number in an arbitrary address.

 Fortunately, to write the number 9999, it's not needed to add 9999 "A"s to the input, in order to so so it's possible to use the formatter **`%.<num-write>%<num>$n`** to write the number **`<num-write>`** in the **address pointed by the `num` position**.