A format string exploit becomes possible when the user, rather than the programmer, supplies the format string.
For example, instead of passing the user's input as an argument to a fixed format string, the lazy programmer passes the input itself as the format string.
A format string exploit typically relies on conversions such as %n, which writes the number of characters output so far to the address held in the corresponding argument, to modify locations in memory. Exploitation on 32-bit x86 is straightforward when the user-supplied format string is itself stored on the stack: variadic arguments are read from the stack, so a run of %x conversions steps printf past the intervening garbage stack words until it reaches the attacker's own bytes and treats them as arguments, at which point a %n writes through a pointer the attacker embedded in the string. On x86-64 the first several variadic arguments are passed in registers rather than on the stack, so more conversions are needed before the string is reached; POSIX direct parameter access (%N$x) lets the attacker select the argument slot directly.
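The following C program is an added example, not part of the original page: it places the vulnerable logging pattern beside its fixed form, shows what %n actually does in a setting that is legal to run, and includes a small triage routine that walks an attacker-controlled format string to count the argument slots its conversions consume (the %x padding described above) and the %n writes it contains. The helper names (emit, log_vulnerable, log_fixed, analyze_format) and all sample strings are constructed for this example.

```c
/* Added example (not from the original page). Helper names and inputs
 * are constructed for illustration. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A logging helper of the kind the text describes: callers are supposed
 * to pass a constant format plus arguments. */
static int emit(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable: user data becomes the format string, so every '%' in it is
 * interpreted. "%x" or "%n" in the input reads or writes memory the caller
 * never supplied (undefined behaviour). */
static int log_vulnerable(char *out, size_t outsz, const char *user_input)
{
    return emit(out, outsz, user_input);
}

/* Fixed: constant format; user data only ever travels as an argument. */
static int log_fixed(char *out, size_t outsz, const char *user_input)
{
    return emit(out, outsz, "%s", user_input);
}

/* Runs both versions on the same input and reports whether the output
 * differs, i.e. whether the input was interpreted as a format. Only use
 * inputs whose conversions are legal without arguments ("%%"); anything
 * else is undefined behaviour on the vulnerable path. */
static int input_was_interpreted(const char *user_input)
{
    char a[64], b[64];
    log_vulnerable(a, sizeof a, user_input);
    log_fixed(b, sizeof b, user_input);
    return strcmp(a, b) != 0;
}

/* What %n does, legally: it stores the number of characters written so far
 * into the int its argument points to. An attacker who controls the format
 * and steers printf to a pointer of their choosing in the argument list
 * turns this into an arbitrary write. Returns 8 for the literal below. */
static int demo_percent_n(void)
{
    char buf[32];
    int written = -1;
    snprintf(buf, sizeof buf, "AAAAAAAA%n", &written);
    return written;
}

/* Triage helper for an attacker-supplied format string: returns the number
 * of argument slots consumed (one per conversion, plus one per '*' width or
 * precision) and stores the number of %n writes in *n_writes. Handles "%%",
 * flags, width, precision, length modifiers and POSIX "%N$" selectors
 * (which name a slot directly; they are still counted here). */
static int analyze_format(const char *fmt, int *n_writes)
{
    int slots = 0;
    const char *p = fmt;
    *n_writes = 0;
    while (*p) {
        if (*p++ != '%') continue;
        if (*p == '%') { p++; continue; }          /* "%%" prints one '%' */
        const char *q = p;                          /* optional %N$ selector */
        while (*q >= '0' && *q <= '9') q++;
        if (q > p && *q == '$') p = q + 1;
        while (*p && strchr("-+ #0", *p)) p++;      /* flags */
        if (*p == '*') { slots++; p++; }            /* width taken from args */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {                            /* precision */
            p++;
            if (*p == '*') { slots++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hljztL", *p)) p++;     /* length modifiers */
        if (!*p) break;                             /* truncated spec */
        if (*p == 'n') (*n_writes)++;
        slots++;
        p++;
    }
    return slots;
}

/* Convenience wrapper: just the number of %n writes in a format string. */
static int count_n_writes(const char *fmt)
{
    int w;
    analyze_format(fmt, &w);
    return w;
}

int main(void)
{
    const char *payload = "%08x.%08x.%08x.%n";     /* constructed sample */
    int writes;
    int slots = analyze_format(payload, &writes);
    printf("\"%s\": %d argument slots, %d %%n write(s)\n", payload, slots, writes);
    printf("%%n stored %d\n", demo_percent_n());
    printf("\"50%%%% done\" interpreted by vulnerable logger: %d\n",
           input_was_interpreted("50%% done"));
    return 0;
}
```

For the sample payload the analyzer reports four slots and one write: the three %08x conversions step past three stack words and the %n then writes to whatever the fourth slot holds, which is the mechanic the section describes. The same routine is what you would run at a trust boundary to flag input that must never reach a printf-family call as its format.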