Abstract
Abstract The format string vulnerability is a common software vulnerability. A well-constructed format string can read and modify arbitrary memory addresses, causing serious system problems. Existing automated exploit generation solutions for format string vulnerability are unable to cope with the limitations imposed by the vulnerability defense mechanism Address Space Layout Randomization (ASLR) and the program itself on vulnerability exploitation. In this paper, to address the above challenges, we propose FormatAEG, the first automatic exploitation framework for format string vulnerabilities that can bypass ASLR defense and the program's own constraints. Specifically, we first proposed an arbitrary address reading and writing method based on a format string vulnerability, which can modify the target address data by directly arranging the target address or automatically searching and utilizing the pointer chain in the stack. Then, we propose a vulnerability reentry method based on global offset table (GOT) hijacking, which hijacks the program control flow by modifying function addresses in the GOT, making the vulnerability reentrant. In the experimental section, we evaluated FormatAEG using 20 Capture The Flag programs from top international tournaments and two real-world programs with format string vulnerabilities. The evaluation results show that with ASLR defense turned on, FormatAEG successfully detects format string vulnerability in 19 of these programs and generates exploit code for 15 of them. Compared with existing tools, FormatAEG detected 11 more format string vulnerabilities and generated 13 more exploit codes.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.