A few years ago, I learned about Format String Attacks in C the hard way. Now, I recently saw some PHP code like this:
<?php
echo sprintf($_GET['format'], $_GET['value1'], $_GET['value2']);
I tried running this with $_GET['format'] set to strings like %s%s%s..., but PHP just exits with PHP Warning: sprintf(): Too few arguments in file.php on line 2. Isn’t it still possible to do a format string attack?
Not in any traditional sense, as PHP’s sprintf doesn’t support any of the really dangerous conversions like %n. A user-controlled format string can still cause some limited havoc (consider %99999999s), but about the worst I think it could do would be to consume memory and time.
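
Added example, not part of the original question or answer: one way to accept a user-supplied template while bounding the memory and time cost mentioned above, by parsing every conversion and rejecting anything outside a small allowlist before calling `vsprintf`. The names `safe_user_format`, `MAX_WIDTH` and `ALLOWED_CONVERSIONS`, the limit of 64, and PHP 7.4 or later are assumptions of this sketch; a constant format string remains the simpler fix where it is possible.

```php
<?php
declare(strict_types=1);

const MAX_WIDTH = 64;                    // assumed cap on width and precision
const ALLOWED_CONVERSIONS = ['s', 'd'];  // assumed allowlist of conversions

function safe_user_format(string $format, array $args): string
{
    // Grammar: %[argnum$][flags][width][.precision]conversion, or a literal %%
    $spec = '/%(?:%|(\d+\$)?(?:[-+ 0]|\'.)*(\d+)?(?:\.(\d+))?(.?))/s';
    preg_match_all($spec, $format, $found, PREG_SET_ORDER | PREG_UNMATCHED_AS_NULL);
    $needed = 0;
    foreach ($found as $m) {
        if ($m[0] === '%%') {
            continue;                    // literal percent consumes no argument
        }
        [, $argnum, $width, $precision, $conv] = $m;
        if ($argnum !== null) {
            throw new InvalidArgumentException('positional arguments not accepted');
        }
        if (!in_array($conv, ALLOWED_CONVERSIONS, true)) {
            throw new InvalidArgumentException("conversion not allowed: {$m[0]}");
        }
        // Check digit count first so a huge number never reaches the int cast.
        foreach ([$width, $precision] as $n) {
            if ($n !== null && (strlen($n) > 3 || (int)$n > MAX_WIDTH)) {
                throw new InvalidArgumentException("padding too large: {$m[0]}");
            }
        }
        $needed++;
    }
    if ($needed !== count($args)) {
        throw new InvalidArgumentException("format needs $needed values");
    }
    foreach ($args as $a) {
        if (!is_scalar($a)) {            // query parameters can arrive as arrays
            throw new InvalidArgumentException('values must be scalar');
        }
    }
    return vsprintf($format, array_values($args));
}

// Constructed inputs standing in for $_GET['format'] and the two values.
echo safe_user_format('%s scored %5d%%', ['alice', '42']), PHP_EOL;
try {
    safe_user_format('%99999999s', ['x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Counting the conversions up front also removes the "Too few arguments" failure from the question, since a mismatch is rejected before `vsprintf` runs.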