OWASP Foundation
owasp.org › www-project-web-security-testing-guide › latest › 4-Web_Application_Security_Testing › 07-Input_Validation_Testing › 13-Testing_for_Format_String_Injection
Testing for Format String Injection
Tests include analysis of the code and injecting conversion specifiers as user input to the application under test. Static analysis tools can find format string vulnerabilities in either the code or in binaries.
GitHub
github.com › OWASP › www-project-web-security-testing-guide › blob › master › latest › 4-Web_Application_Security_Testing › 07-Input_Validation_Testing › 13-Testing_for_Format_String_Injection.md
www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Format_String_Injection.md at master · OWASP/www-project-web-security-testing-guide
Tests include analysis of the code and injecting conversion specifiers as user input to the application under test. Static analysis tools can find format string vulnerabilities in either the code or in binaries.
Author OWASP
Videos
18:32
7: Format String Vulnerabilities (printf) - Buffer Overflows - ...
11:11
Playing around with a Format String vulnerability and ASLR. format0 ...
10:01
A simple Format String exploit example - bin 0x11 - YouTube
16:31
Intro Format String Vulnerability | PicoCTF 2017 [39] "I've Got ...
05:32
Format String Vulnerability - YouTube
- YouTube
GitHub
github.com › OWASP › www-project-web-security-testing-guide › blob › master › stable › 4-Web_Application_Security_Testing › 07-Input_Validation_Testing › 13-Testing_for_Format_String_Injection.md
www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Format_String_Injection.md at master · OWASP/www-project-web-security-testing-guide
Tests include analysis of the code and injecting conversion specifiers as user input to the application under test. Static analysis tools can find format string vulnerabilities in either the code or in binaries.
Author OWASP
GitHub
github.com › OWASP › wstg › blob › master › document › 4-Web_Application_Security_Testing › 07-Input_Validation_Testing › 13-Testing_for_Format_String_Injection.md
wstg/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Format_String_Injection.md at master · OWASP/wstg
Tests include analysis of the code and injecting conversion specifiers as user input to the application under test. Static analysis tools can find format string vulnerabilities in either the code or in binaries.
Author OWASP
OWASP Foundation
owasp.org › www-project-web-security-testing-guide › latest › 4-Web_Application_Security_Testing › 07-Input_Validation_Testing › 13-Testing_for_Format_String_Injection.html
WSTG - Latest | OWASP Foundation
Tests include analysis of the code and injecting conversion specifiers as user input to the application under test. Static analysis tools can find format string vulnerabilities in either the code or in binaries.
OWASP Foundation
owasp.org › www-project-web-security-testing-guide › v41 › 4-Web_Application_Security_Testing › 07-Input_Validation_Testing › 13.3-Testing_for_Format_String
Testing for format string vulnerability
Tests include analysis of the code and injecting conversion specifiers as user input to the application under test. Static analysis tools can find format string vulnerabilities in either the code or in binaries.
OWASP Foundation
owasp.org › www-community › attacks › Format_string_attack
Format string attack | OWASP Foundation
The printf in the second line will interpret the %s%s%s%s%s%s in the input string as a reference to string pointers, so it will try to interpret every %s as a pointer to a string, starting from the location of the buffer (probably on the Stack). At some point, it will get to an invalid address, and attempting to access it will cause the program to crash. An attacker can also use this to get information, not just crash the software. For example, running:
GitHub
github.com › OWASP › www-project-web-security-testing-guide › blob › master › v41 › 4-Web_Application_Security_Testing › 07-Input_Validation_Testing › 13.3-Testing_for_Format_String.md
www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.3-Testing_for_Format_String.md at master · OWASP/www-project-web-security-testing-guide
Tests include analysis of the code and injecting conversion specifiers as user input to the application under test. Static analysis tools can find format string vulnerabilities in either the code or in binaries.
Author OWASP
CAPEC
capec.mitre.org › data › definitions › 135.html
CAPEC - CAPEC-135: Format String Injection (Version 3.9)
Common Attack Pattern Enumeration and Classification (CAPEC) is a list of software weaknesses.
Wikipedia
en.wikipedia.org › wiki › Uncontrolled_format_string
Uncontrolled format string - Wikipedia
December 21, 2025 - The use of format string bugs as ... that directly passed user-generated data without a format string. Extensive tests with contrived arguments to printf-style functions showed that it was possible to use this for privilege escalation....
Exploit-DB
exploit-db.com › docs › english › 28476-linux-format-string-exploitation.pdf pdf
Format String Exploitation-Tutorial By Saif El-Sherei www.elsherei.com
Split the address to two words and calculate the width of the format string. ... The program being debugged has been started already. ... A negative value was calculated because the second overwrite is less than the first. There is · a workaround by adding 1 to the beginning of the second ...
Gitbooks
kennel209.gitbooks.io › owasp-testing-guide-v4 › content › en › web_application_security_testing › testing_for_format_string.html
Testing for Format string | Owasp Testing Guide v4 - kennel209
The key to testing format string vulnerabilities is supplying format type specifiers in application input.
CTF Handbook
ctf101.org › binary-exploitation › what-is-a-format-string-vulnerability
Format String Vulnerability - CTF Handbook
A format string vulnerability is a bug where user input is passed as the format argument to printf, scanf, or another function in that family. The format argument has many different specifiers which could allow an attacker to leak data if they control the format argument to printf.
GitHub
github.com › OWASP › www-project-web-security-testing-guide › blob › master › latest › 4-Web_Application_Security_Testing › 07-Input_Validation_Testing › index.md
www-project-web-security-testing-guide/index.md at master · OWASP/www-project-web-security-testing-guide
4.7.12 Testing for Command Injection · 4.7.13 Testing for Format String Injection · 4.7.14 Testing for Incubated Vulnerability · 4.7.15 Testing for HTTP Splitting Smuggling · 4.7.16 Testing for HTTP Incoming Requests · 4.7.17 Testing for Host Header Injection ·
Author OWASP