❑ FSB (Format String Bug): a bug that arises when externally supplied input is used as the format string of a formatting function such as printf().
❑ In printf(), %s and %x can leak memory values, and %n can write a value to a specific location.
(x86, printf) Assuming the stack frame looks like the one above at the point where the format string can be supplied as input, the following exploits are possible.
1. %s%s%s → AAAABBBBCCCC
2. %08x%08x%08x%08x%08x → 41414141 42424242 43434343 [SFP value] [RET value]
3. %08x%08x%08x%08x%n → The RET is changed to decimal 32 (four 8-character fields have been printed when %n runs, and %n writes that count).
4. %5$n → The RET is changed to 0 (direct parameter access reaches the fifth argument without printing anything, so the count written is 0).
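The vulnerable call pattern beside its hardened form, plus a small audit routine that counts the directives printf would act on in a string (used here on the inputs from the list above). This is an added example, not code from the original note; the names log_unsafe, log_safe, audit_format and format_is_inert are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Vulnerable pattern: untrusted text is the format argument, so every '%'
   directive in it is interpreted: %x/%s read stack slots, %n writes to one.
   gcc/clang flag this with -Wformat-security; the pragma only keeps the
   example compiling where that warning is promoted to an error. */
#pragma GCC diagnostic ignored "-Wformat-security"
void log_unsafe(const char *msg) {
    printf(msg);
}

/* Hardened pattern: the format is a constant and the text is only data. */
void log_safe(const char *msg) {
    printf("%s", msg);
}

typedef struct {
    int conversions;   /* directives printf would consume a stack slot for */
    int writes_memory; /* 1 if any directive is %n */
} fmt_audit_t;

/* Walk `s` the way printf's parser does: "%%" is a literal percent sign;
   flags, width, precision, positional index ("%5$") and length modifiers
   are skipped to reach the conversion character. */
fmt_audit_t audit_format(const char *s) {
    fmt_audit_t r = {0, 0};
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;
        while (*p && strchr("0123456789$.-+ #hlLqjzt", *p)) p++;
        if (*p == '\0') break;              /* dangling '%' at end of input */
        r.conversions++;
        if (*p == 'n') r.writes_memory = 1;
    }
    return r;
}

/* Defensive check for paths that cannot be changed to log_safe() yet:
   accept the text only if printf would treat none of it as a directive. */
int format_is_inert(const char *s) {
    return audit_format(s).conversions == 0;
}

int main(void) {
    fmt_audit_t a = audit_format("%08x%08x%08x%08x%n");   /* constructed input */
    printf("conversions=%d writes_memory=%d inert=%d\n",
           a.conversions, a.writes_memory, format_is_inert("AAAABBBBCCCC"));
    log_safe("%n here is printed, not interpreted\n");
    return 0;
}
```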
※ FSB exploit example (Link)
printf's format string (Link)