Format string vulnerability.
Writing essays is so much fun! Watch me write all these totally meaningful words about other words... Actually, wait. You shouldn't be reading my essays. Shoo!
We are given the following source code:
FILE *fp = fopen("flag.txt", "r");
fgets(example_essay, sizeof(example_essay), fp);
fgets(essay, sizeof(essay), stdin);
essay[strcspn(essay, "\n")] = 0;
length = strlen(essay);
This is a typical format string vulnerability, where the user input is passed into printf() as a format string. Hence, we can use %<position>$llx to view the stack values.
Since the example_essay buffer also resides on the stack, we can leak the flag.
Then, convert the leaked values from little endian to big endian to obtain the flag.
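The byte-order step above, as an added example that is not part of the original writeup: each %llx value is an 8-byte stack slot printed most significant byte first, so the bytes of the string come out reversed within every word. The function names simulate_leak and decode_llx_words are hypothetical, and the flag value is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model what "%llx " prints for each 8-byte slot of buf on a little-endian stack. */
void simulate_leak(const char *buf, size_t len, char *out, size_t out_size)
{
    size_t used = 0;
    out[0] = '\0';
    for (size_t off = 0; off < len && used < out_size; off += 8) {
        unsigned long long word = 0;
        for (size_t i = 0; i < 8 && off + i < len; i++)
            word |= (unsigned long long)(unsigned char)buf[off + i] << (8 * i);
        used += (size_t)snprintf(out + used, out_size - used, "%llx ", word);
    }
}

/* Turn whitespace-separated hex words back into the original bytes (out_size >= 1). */
size_t decode_llx_words(const char *leak, char *out, size_t out_size)
{
    size_t n = 0;
    char *end;
    while (n + 1 < out_size) {
        unsigned long long word = strtoull(leak, &end, 16);
        if (end == leak)            /* no more hex words to parse */
            break;
        leak = end;
        /* The lowest-address byte is the least significant one: emit it first. */
        for (int i = 0; i < 8 && n + 1 < out_size; i++) {
            char c = (char)(word >> (8 * i));
            if (c == '\0') {        /* string terminator reached */
                out[n] = '\0';
                return n;
            }
            out[n++] = c;
        }
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    const char secret[] = "flag{constructed_example}"; /* constructed sample */
    char leak[256], decoded[64];
    simulate_leak(secret, strlen(secret), leak, sizeof leak);
    decode_llx_words(leak, decoded, sizeof decoded);
    printf("%s-> %s\n", leak, decoded);
    return 0;
}
```

Because %llx drops leading zeros, the final word is shorter than 16 hex digits when the string does not fill the slot; parsing each word as a number handles that without padding.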