Project: WASC Threat Classification
Threat Type: Attack
Reference ID: WASC-6
Format String Attack
Format String Attacks alter the flow of an application by using string-formatting library features to read and write memory the program never meant to expose. The vulnerability occurs when user-supplied data is passed directly as the format string argument of a C/C++ function (e.g. fprintf, printf, sprintf, setproctitle, syslog, …) instead of as a data argument to a constant format such as "%s". Every conversion specifier in the attacker's string then consumes an argument the program never supplied, taken from the stack or the argument registers.
If an attacker passes a format string consisting of printf conversion characters (e.g. "%x", "%p", "%s", "%n", etc.) as a parameter value to the web application, they may:
- Execute arbitrary code on the server: "%n" writes the number of characters output so far through a pointer taken from the stack, and a chosen pointer plus padded width specifiers is enough to overwrite a return address, a function pointer or a GOT entry
- Read values off the stack: "%x" or "%p" dumps the missing arguments, and "%s" dereferences one of them as a pointer and discloses whatever memory it points to
- Cause segmentation faults / software crashes, for instance when "%s" dereferences a value that is not a valid pointer
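As an added example (not code from the WASC page), the vulnerable pattern in C next to its hardened form, plus a small scanner that counts the conversion specifiers in a string and reports whether any of them is the "%n" write primitive. Function names and the sample inputs are illustrative and constructed for this example. The vulnerable path is exercised only with "%%", the one payload whose behaviour is defined on both paths; with a real "%x" payload it would print the caller's registers and stack, which is undefined behaviour and differs per platform.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* VULNERABLE (kept deliberately): the caller's data is the format string, so
 * every conversion it contains consumes an argument the program never passed.
 * "%x%x%x" dumps register/stack contents, "%s" dereferences them, and "%n"
 * writes the byte count through whatever pointer it finds there. Compilers
 * flag this (-Wformat-security); the pragma only silences that warning so the
 * example compiles cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int vulnerable_log(char *out, size_t outsz, const char *user)
{
    return snprintf(out, outsz, user);
}
#pragma GCC diagnostic pop

/* HARDENED: the format is a constant and the user data is an argument, so it
 * is copied verbatim no matter how many '%' characters it contains. */
int hardened_log(char *out, size_t outsz, const char *user)
{
    return snprintf(out, outsz, "%s", user);
}

/* Bits reported by scan_format(): at least one conversion that reads an
 * argument, and/or a %n conversion that writes through one. */
enum { FMT_READS = 1, FMT_WRITES = 2 };

/* Count printf conversions in s and report their kind in *kind. "%%" is a
 * literal percent and is not counted. Flags, positional "n$", width,
 * precision and length modifiers are skipped, so "%08x", "%.*s" and "%2$hhn"
 * each count as one. A lone trailing '%' is counted, since the library would
 * still try to parse it. Usable as an input filter or a log scanner. */
int scan_format(const char *s, int *kind)
{
    int count = 0;
    *kind = 0;
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') { s++; continue; }               /* "%%" */
        while (*s && strchr("-+ #0", *s)) s++;          /* flags */
        while (*s && (isdigit((unsigned char)*s) || *s == '*' || *s == '$'))
            s++;                                        /* width / n$ */
        if (*s == '.') {                                /* precision */
            s++;
            while (*s && (isdigit((unsigned char)*s) || *s == '*')) s++;
        }
        while (*s && strchr("hlLqjzt", *s)) s++;        /* length modifier */
        count++;
        *kind |= (*s == 'n') ? FMT_WRITES : FMT_READS;
        if (*s) s++;                                    /* conversion char */
    }
    return count;
}

int count_conversions(const char *s) { int kind; return scan_format(s, &kind); }
int format_kind(const char *s)       { int kind; scan_format(s, &kind); return kind; }

/* 1 if logger() renders user text as expected, else 0. Shows the two paths
 * diverge on the one payload that is well defined for both: "%%", which the
 * vulnerable path collapses to a single '%'. */
int renders_as(int (*logger)(char *, size_t, const char *),
               const char *user, const char *expected)
{
    char out[128];
    logger(out, sizeof out, user);
    return strcmp(out, expected) == 0;
}

int main(void)
{
    const char *samples[] = {            /* constructed inputs */
        "alice logged in", "100%% done", "%x%x%x%x", "AAAA%08x.%08x.%hhn",
    };
    char out[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int kind, n = scan_format(samples[i], &kind);
        hardened_log(out, sizeof out, samples[i]);
        printf("%-22s conversions=%d reads=%d writes=%d -> hardened: %s\n",
               samples[i], n, !!(kind & FMT_READS), !!(kind & FMT_WRITES), out);
    }
    /* The vulnerable path is only exercised with "%%": any real conversion
     * here would be undefined behaviour. */
    vulnerable_log(out, sizeof out, "100%% done");
    printf("vulnerable_log(\"100%%%% done\") -> %s\n", out);
    return 0;
}
```

The scanner is a filter of last resort: it helps when triaging logs or input for attack attempts, but the actual fix is the one in hardened_log, a constant format with user data passed as an argument. Compiling with -Wformat-security (and -Werror) catches the vulnerable pattern at build time, and glibc's _FORTIFY_SOURCE refuses "%n" in a format string that lives in writable memory, which blunts the write primitive but does not stop the stack reads.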
Format String attacks are related to other attacks in the Threat Classification: Buffer Overflows and Integer Overflows. All three rely on manipulating memory, or the program's interpretation of it, in a way that furthers the attacker's goal.
http://projects.webappsec.org/w/page/13246926/Format%20String

