#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc,char* argv[])
{
char text[1024];
static int test_val = -72;
if(argc < 2)
{
printf("Usage:%s<text to print>\n",argv[0]);
exit(0);
}
strcpy(text,argv[1]);
printf("The right way to print user-controlled input:\n");
printf("%s",text);
printf("\nThe wrong way to print user-controlled input:\n");
printf(text);
printf("\n");
printf("
exit(0);
}
我在终端调试 ,本人机器上test_val地址为0x08049858.
./fmt_vuln $(printf "\x58\x98\x04\x08")%08x.%08x.%08x.%n
输出:
The right way to print user-controlled input:
X?%08x.%08x.%08x.%n
The wrong way to print user-controlled input:
X?bf8600b4.00000000.bf860230.
并没有改变test_val的值,而我看相关资料上说,
不知何故阿?我的系统fedora10,pentium(R) D cpu 2.80GHZ