Q: Through a successful format-string attack against a web application, an attacker is able to execute which of the following actions?
A. Write only certain areas using tokens
B. Read certain memory areas using the %s token
C. Read and write to memory at will
D. All the above options
Answer: C
The correct answer is: Read and write to memory at will
Explanation: A format-string attack occurs when an attacker can manipulate the format string passed to a formatting function (e.g., printf or sprintf) that is used insecurely, allowing reads from or writes to arbitrary memory locations. By carefully crafting format strings (using tokens such as %x, %s, etc.), the attacker can potentially access and modify memory contents, including sensitive data. This kind of attack can allow an attacker to execute arbitrary code, which makes it a severe security vulnerability.