Posted by bashis on Sep 08

/*

Author: bashis <mcw noemail eu>, 2016

Small example code of ‘two-write-where-and-what’ format string (FMS) and description how to possible exploit when
located on heap.
Since the technique is ‘two-write-where-and-what’, it’s possible to jump to lower target address than the FMS has
counted up to.
[You will need to check addresses of free() and target() to see if it’s matching this example; if not, you…