{"id":477282,"date":"2023-08-09T09:10:23","date_gmt":"2023-08-09T09:10:23","guid":{"rendered":""},"modified":"2023-11-29T15:03:54","modified_gmt":"2023-11-29T15:03:54","slug":"format-string-attack","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/cn\/wiki\/format-string-attack\/","title":{"rendered":"\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u653b\u51fb"},"content":{"rendered":"

\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u662f\u8ba1\u7b97\u673a\u7f16\u7a0b\u4e2d\u53d1\u751f\u7684\u4e00\u79cd\u5b89\u5168\u6f0f\u6d1e\u3002\u5b83\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u7a0b\u5e8f\u5904\u7406\u683c\u5f0f\u5316\u8f93\u5165\/\u8f93\u51fa\u51fd\u6570\u7684\u65b9\u5f0f\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u8bfb\u53d6\u654f\u611f\u6570\u636e\u3001\u4fee\u6539\u5185\u5b58\u5185\u5bb9\uff0c\u751a\u81f3\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u4e00\u76f4\u662f\u8f6f\u4ef6\u5f00\u53d1\u4eba\u5458\u548c\u7cfb\u7edf\u7ba1\u7406\u5458\u5173\u6ce8\u7684\u91cd\u70b9\uff0c\u56e0\u4e3a\u5b83\u4eec\u53ef\u80fd\u4f1a\u635f\u5bb3\u7cfb\u7edf\u7684\u5b8c\u6574\u6027\u548c\u673a\u5bc6\u6027\u3002<\/p>\n

\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u8d77\u6e90\u5386\u53f2\u53ca\u5176\u9996\u6b21\u63d0\u53ca<\/h2>\n

\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u7684\u6982\u5ff5\u9996\u6b21\u51fa\u73b0\u4e8e 20 \u4e16\u7eaa 90 \u5e74\u4ee3\u672b\u3002\u5b83\u56e0 Kostya Kortchinsky \u4e8e 2000 \u5e74\u53d1\u8868\u7684\u4e00\u7bc7\u9898\u4e3a\u201c\u5229\u7528\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u201d\u7684\u8bba\u6587\u800c\u6d41\u884c\u3002\u8be5\u8bba\u6587\u8be6\u7ec6\u8ba8\u8bba\u4e86\u8be5\u6f0f\u6d1e\u7684\u5229\u7528\uff0c\u5e76\u5c55\u793a\u4e86\u5176\u5bf9\u7cfb\u7edf\u7684\u6f5c\u5728\u5f71\u54cd\u3002\u4ece\u90a3\u65f6\u8d77\uff0c\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u5f97\u5230\u4e86\u5e7f\u6cdb\u7684\u7814\u7a76\uff0c\u4ece\u800c\u66f4\u597d\u5730\u7406\u89e3\u548c\u6539\u8fdb\u4e86\u8f6f\u4ef6\u5f00\u53d1\u4e2d\u7684\u5b89\u5168\u5b9e\u8df5\u3002<\/p>\n

\u6709\u5173\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u8be6\u7ec6\u4fe1\u606f<\/h2>\n

\u5f53\u653b\u51fb\u8005\u53ef\u4ee5\u63a7\u5236\u683c\u5f0f\u5316\u8f93\u5165\/\u8f93\u51fa\u51fd\u6570\u4e2d\u7684\u683c\u5f0f\u5b57\u7b26\u4e32\u53c2\u6570\u65f6\uff0c\u5c31\u4f1a\u53d1\u751f\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u3002\u8fd9\u4e9b\u529f\u80fd\uff0c\u4f8b\u5982 printf()<\/code> \u548c sprintf()<\/code>\uff0c\u5e7f\u6cdb\u7528\u4e8e\u683c\u5f0f\u5316\u548c\u6253\u5370\u6570\u636e\u3002\u5728 C \u548c C++ \u7b49\u8bed\u8a00\u4e2d\uff0c\u5b83\u4eec\u5141\u8bb8\u5f00\u53d1\u4eba\u5458\u6307\u5b9a\u5360\u4f4d\u7b26\uff08\u4f8b\u5982\uff0c %s<\/code> \u5bf9\u4e8e\u5b57\u7b26\u4e32\uff0c %d<\/code> \u5bf9\u4e8e\u6574\u6570\uff09\u548c\u8981\u663e\u793a\u7684\u76f8\u5e94\u503c\u3002\u5f53\u7a0b\u5e8f\u5728\u672a\u7ecf\u9002\u5f53\u9a8c\u8bc1\u7684\u60c5\u51b5\u4e0b\u5c06\u7528\u6237\u63a7\u5236\u7684\u6570\u636e\u4f5c\u4e3a\u683c\u5f0f\u5b57\u7b26\u4e32\u4f20\u9012\u65f6\uff0c\u5c31\u4f1a\u51fa\u73b0\u6b64\u6f0f\u6d1e\uff0c\u4ece\u800c\u5bfc\u81f4\u610f\u5916\u540e\u679c\u3002<\/p>\n

\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u5185\u90e8\u7ed3\u6784\u53ca\u5176\u5de5\u4f5c\u539f\u7406<\/h2>\n

\u8981\u4e86\u89e3\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u5de5\u4f5c\u539f\u7406\uff0c\u5fc5\u987b\u638c\u63e1\u683c\u5f0f\u5316\u8f93\u5165\/\u8f93\u51fa\u51fd\u6570\u7684\u5185\u90e8\u5de5\u4f5c\u539f\u7406\u3002\u5728 C \u7b49\u8bed\u8a00\u4e2d\uff0c\u683c\u5f0f\u5316\u6253\u5370\u51fd\u6570\u4f7f\u7528\u5806\u6808\u6765\u8bbf\u95ee\u4f20\u9012\u7ed9\u5b83\u4eec\u7684\u53c2\u6570\u3002\u5f53\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u683c\u5f0f\u5b57\u7b26\u4e32\u65f6\uff0c\u8be5\u51fd\u6570\u4f1a\u904d\u5386\u5b83\u5e76\u67e5\u627e\u683c\u5f0f\u8bf4\u660e\u7b26\uff08\u4f8b\u5982 %s<\/code>, %d<\/code>\uff09\u3002\u5bf9\u4e8e\u627e\u5230\u7684\u6bcf\u4e2a\u8bf4\u660e\u7b26\uff0c\u51fd\u6570\u671f\u671b\u5806\u6808\u4e0a\u6709\u4e00\u4e2a\u76f8\u5e94\u7684\u53c2\u6570\u3002<\/p>\n

\u5728\u6613\u53d7\u653b\u51fb\u7684\u7a0b\u5e8f\u4e2d\uff0c\u5982\u679c\u653b\u51fb\u8005\u53ef\u4ee5\u63a7\u5236\u683c\u5f0f\u5b57\u7b26\u4e32\uff0c\u4ed6\u4eec\u5c31\u53ef\u4ee5\u901a\u8fc7\u5229\u7528\u4ee5\u4e0b\u5185\u5bb9\u6765\u64cd\u7eb5\u7a0b\u5e8f\u7684\u5185\u5b58\uff1a<\/p>\n

    \n
  1. \u8bfb\u53d6\u8bb0\u5fc6<\/strong>\uff1a\u901a\u8fc7\u4f7f\u7528\u683c\u5f0f\u8bf4\u660e\u7b26\uff0c\u4f8b\u5982 %x<\/code> \u6216\u8005 %s<\/code>\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6cc4\u6f0f\u5806\u6808\u6216\u5176\u4ed6\u5185\u5b58\u533a\u57df\u7684\u5185\u5bb9\uff0c\u5176\u4e2d\u53ef\u80fd\u5305\u542b\u654f\u611f\u4fe1\u606f\u3002<\/li>\n
  2. \u5199\u5165\u8bb0\u5fc6<\/strong>\uff1a\u683c\u5f0f\u8bf4\u660e\u7b26\uff0c\u4f8b\u5982 %n<\/code> \u5141\u8bb8\u653b\u51fb\u8005\u5c06\u6570\u636e\u5199\u5165\u76f8\u5e94\u53c2\u6570\u6307\u5411\u7684\u5185\u5b58\u5730\u5740\u3002\u8fd9\u53ef\u4ee5\u88ab\u6ee5\u7528\u6765\u4fee\u6539\u53d8\u91cf\u3001\u51fd\u6570\u6307\u9488\u751a\u81f3\u7a0b\u5e8f\u4ee3\u7801\u3002<\/li>\n
  3. \u6267\u884c\u4efb\u610f\u4ee3\u7801<\/strong>\uff1a\u5982\u679c\u653b\u51fb\u8005\u53ef\u4ee5\u63a7\u5236\u683c\u5f0f\u5b57\u7b26\u4e32\u5e76\u63d0\u4f9b\u6b63\u786e\u7684\u53c2\u6570\uff0c\u4ed6\u4eec\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u6267\u884c\u4efb\u610f\u4ee3\u7801 %n<\/code> \u5199\u5165\u51fd\u6570\u6307\u9488\uff0c\u7136\u540e\u89e6\u53d1\u5176\u6267\u884c\u3002<\/li>\n<\/ol>\n

    \u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u5173\u952e\u7279\u5f81\u5206\u6790<\/h2>\n

    \u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u4e3b\u8981\u7279\u5f81\u662f\uff1a<\/p>\n

      \n
    1. \u683c\u5f0f\u5b57\u7b26\u4e32\u63a7\u5236<\/strong>\uff1a\u653b\u51fb\u8005\u53ef\u4ee5\u63a7\u5236\u683c\u5f0f\u5b57\u7b26\u4e32\uff0c\u5b83\u51b3\u5b9a\u8f93\u51fa\u683c\u5f0f\u5e76\u53ef\u4ee5\u64cd\u7eb5\u5185\u5b58\u8bbf\u95ee\u3002<\/li>\n
    2. \u57fa\u4e8e\u5806\u6808\u7684\u5229\u7528<\/strong>\uff1a\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u653b\u51fb\u901a\u5e38\u9488\u5bf9\u5806\u6808\uff0c\u56e0\u4e3a\u683c\u5f0f\u5316\u8f93\u5165\/\u8f93\u51fa\u51fd\u6570\u4f7f\u7528\u5b83\u6765\u8bbf\u95ee\u53c2\u6570\u3002<\/li>\n
    3. \u5185\u5b58\u64cd\u4f5c<\/strong>\uff1a\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u683c\u5f0f\u8bf4\u660e\u7b26\u8bfb\u53d6\u6216\u5199\u5165\u5185\u5b58\u5730\u5740\uff0c\u53ef\u80fd\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u6216\u4ee3\u7801\u6267\u884c\u3002<\/li>\n<\/ol>\n

      \u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u7c7b\u578b<\/h2>\n

      \u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u53ef\u5206\u4e3a\u4e24\u79cd\u4e3b\u8981\u7c7b\u578b\uff1a<\/p>\n

        \n
      1. \u9605\u8bfb\u653b\u51fb<\/strong>\uff1a\u8fd9\u4e9b\u653b\u51fb\u7684\u91cd\u70b9\u662f\u5229\u7528\u683c\u5f0f\u8bf4\u660e\u7b26\u4ece\u7a0b\u5e8f\u5185\u5b58\u4e2d\u8bfb\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u4f8b\u5982\u5806\u6808\u5730\u5740\u6216\u5bc6\u7801\u6570\u636e\u3002<\/li>\n
      2. \u5199\u4f5c\u653b\u51fb<\/strong>\uff1a\u5728\u8fd9\u4e9b\u653b\u51fb\u4e2d\uff0c\u76ee\u6807\u662f\u901a\u8fc7\u4f7f\u7528\u683c\u5f0f\u8bf4\u660e\u7b26\u5c06\u6570\u636e\u5199\u5165\u7279\u5b9a\u5185\u5b58\u5730\u5740\u6765\u64cd\u7eb5\u5185\u5b58\uff0c\u4ece\u800c\u4f7f\u653b\u51fb\u8005\u80fd\u591f\u4fee\u6539\u53d8\u91cf\u6216\u51fd\u6570\u6307\u9488\u3002<\/li>\n<\/ol>\n

        \u4e0b\u8868\u603b\u7ed3\u4e86\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u7c7b\u578b\uff1a<\/p>\n\n\n\n\n\n\n
        \u653b\u51fb\u7c7b\u578b<\/th>\n\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n
        \u9605\u8bfb\u653b\u51fb<\/td>\n\u5229\u7528\u683c\u5f0f\u8bf4\u660e\u7b26\u8bfb\u53d6\u5185\u5b58<\/td>\n<\/tr>\n
        \u5199\u4f5c\u653b\u51fb<\/td>\n\u5229\u7528\u683c\u5f0f\u8bf4\u660e\u7b26\u5199\u5165\u5185\u5b58<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

        \u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u4f7f\u7528\u65b9\u6cd5\u3001\u95ee\u9898\u53ca\u5176\u89e3\u51b3\u65b9\u6848<\/h2>\n

        \u4f7f\u7528\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u65b9\u6cd5<\/h3>\n

        \u653b\u51fb\u8005\u53ef\u4ee5\u5728\u5404\u79cd\u573a\u666f\u4e2d\u5229\u7528\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\uff0c\u5305\u62ec\uff1a<\/p>\n

          \n
        1. \u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f<\/strong>\uff1a\u5982\u679c Web \u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u4f5c\u4e3a\u683c\u5f0f\u5b57\u7b26\u4e32\u800c\u6ca1\u6709\u7ecf\u8fc7\u9002\u5f53\u7684\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e00\u70b9\u6765\u7834\u574f\u5e94\u7528\u7a0b\u5e8f\u6216\u5e95\u5c42\u670d\u52a1\u5668\u3002<\/li>\n
        2. \u547d\u4ee4\u884c\u754c\u9762<\/strong>\uff1a\u4f7f\u7528\u547d\u4ee4\u884c\u53c2\u6570\u6784\u9020\u683c\u5f0f\u5b57\u7b26\u4e32\u7684\u7a0b\u5e8f\u5982\u679c\u4e0d\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\uff0c\u5c31\u5bb9\u6613\u53d7\u5230\u653b\u51fb\u3002<\/li>\n
        3. \u8bb0\u5f55\u673a\u5236<\/strong>\uff1a\u65e5\u5fd7\u673a\u5236\u4e2d\u7684\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u53ef\u4ee5\u4e3a\u653b\u51fb\u8005\u63d0\u4f9b\u6709\u5173\u7cfb\u7edf\u7684\u5b9d\u8d35\u4fe1\u606f\uff0c\u5e76\u4e3a\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u63d0\u4f9b\u4fbf\u5229\u3002<\/li>\n<\/ol>\n

          \u95ee\u9898\u4e0e\u89e3\u51b3\u65b9\u6848<\/h3>\n
            \n
          1. \u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3<\/strong>\uff1a\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u7684\u4e3b\u8981\u539f\u56e0\u662f\u8f93\u5165\u9a8c\u8bc1\u4e0d\u5145\u5206\u3002\u5f00\u53d1\u4eba\u5458\u5e94\u5728\u5c06\u7528\u6237\u63a7\u5236\u7684\u8f93\u5165\u7528\u4f5c\u683c\u5f0f\u5b57\u7b26\u4e32\u4e4b\u524d\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\u3002<\/li>\n
          2. \u683c\u5f0f\u5b57\u7b26\u4e32\u7684\u6709\u9650\u4f7f\u7528<\/strong>\uff1a\u53ea\u8981\u6709\u53ef\u80fd\uff0c\u5f00\u53d1\u4eba\u5458\u5c31\u5e94\u8be5\u907f\u514d\u5c06\u683c\u5f0f\u5b57\u7b26\u4e32\u4e0e\u7528\u6237\u63a7\u5236\u7684\u6570\u636e\u4e00\u8d77\u4f7f\u7528\u3002\u76f8\u53cd\uff0c\u8bf7\u8003\u8651\u4f7f\u7528\u66f4\u5b89\u5168\u7684\u66ff\u4ee3\u65b9\u6848\uff0c\u4f8b\u5982\u5b57\u7b26\u4e32\u8fde\u63a5\u6216\u5177\u6709\u4e25\u683c\u8f93\u5165\u68c0\u67e5\u7684\u683c\u5f0f\u5316\u5e93\u3002<\/li>\n
          3. \u7f16\u8bd1\u5668\u5b89\u5168\u7279\u6027<\/strong>\uff1a\u73b0\u4ee3\u7f16\u8bd1\u5668\u63d0\u4f9b\u5b89\u5168\u673a\u5236\uff0c\u4f8b\u5982 -fstack-protector<\/code> GCC \u4e2d\u7684\u9009\u9879\uff0c\u7528\u4e8e\u68c0\u6d4b\u548c\u9632\u6b62\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u3002\u4f7f\u7528\u6b64\u7c7b\u529f\u80fd\u53ef\u4ee5\u964d\u4f4e\u98ce\u9669\u3002<\/li>\n<\/ol>\n

            \u4e3b\u8981\u7279\u70b9\u53ca\u4e0e\u540c\u7c7b\u672f\u8bed\u7684\u6bd4\u8f83<\/h2>\n\n\n\n\n\n\n\n\n
            \u5b66\u671f<\/th>\n\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n
            \u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u653b\u51fb<\/td>\n\u5229\u7528\u683c\u5f0f\u8bf4\u660e\u7b26\u6765\u64cd\u7eb5\u5185\u5b58<\/td>\n<\/tr>\n
            \u7f13\u51b2\u533a\u6ea2\u51fa<\/td>\n\u5199\u5165\u6570\u636e\u8d85\u51fa\u7f13\u51b2\u533a\u8303\u56f4<\/td>\n<\/tr>\n
            SQL\u6ce8\u5165<\/td>\n\u5229\u7528\u6076\u610f\u8f93\u5165\u7684 SQL \u67e5\u8be2<\/td>\n<\/tr>\n
            \u8de8\u7ad9\u811a\u672c<\/td>\n\u5c06\u6076\u610f\u811a\u672c\u6ce8\u5165Web\u5e94\u7528\u7a0b\u5e8f<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

            \u867d\u7136\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u4e0e\u5176\u4ed6\u6f0f\u6d1e\u5b58\u5728\u4e00\u4e9b\u76f8\u4f3c\u4e4b\u5904\uff0c\u4f46\u5b83\u4eec\u7684\u5229\u7528\u65b9\u6cd5\u3001\u76ee\u6807\u548c\u540e\u679c\u5374\u6709\u5f88\u5927\u4e0d\u540c\u3002<\/p>\n

            \u4e0e\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u76f8\u5173\u7684\u89c2\u70b9\u548c\u672a\u6765\u6280\u672f<\/h2>\n

            \u968f\u7740\u8f6f\u4ef6\u5f00\u53d1\u5b9e\u8df5\u7684\u6539\u8fdb\uff0c\u5f00\u53d1\u4eba\u5458\u8d8a\u6765\u8d8a\u610f\u8bc6\u5230\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7b49\u5b89\u5168\u6f0f\u6d1e\u3002\u968f\u7740\u5b89\u5168\u7f16\u7801\u6807\u51c6\u3001\u81ea\u52a8\u4ee3\u7801\u5206\u6790\u5de5\u5177\u548c\u5b9a\u671f\u5b89\u5168\u5ba1\u6838\u7684\u5f15\u5165\uff0c\u6b64\u7c7b\u6f0f\u6d1e\u7684\u6570\u91cf\u9884\u8ba1\u4f1a\u968f\u7740\u65f6\u95f4\u7684\u63a8\u79fb\u800c\u51cf\u5c11\u3002<\/p>\n

            \u6b64\u5916\uff0c\u5f00\u53d1\u5177\u6709\u5185\u7f6e\u5185\u5b58\u5b89\u5168\u529f\u80fd\u7684\u7f16\u7a0b\u8bed\u8a00\uff08\u4f8b\u5982 Rust\uff09\u53ef\u4ee5\u63d0\u4f9b\u989d\u5916\u7684\u4fdd\u62a4\u5c42\uff0c\u9632\u6b62\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u3002<\/p>\n

            \u5982\u4f55\u4f7f\u7528\u4ee3\u7406\u670d\u52a1\u5668\u6216\u5c06\u5176\u4e0e\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u5173\u8054<\/h2>\n

            \u4ee3\u7406\u670d\u52a1\u5668\uff08\u4f8b\u5982 OneProxy \u63d0\u4f9b\u7684\u4ee3\u7406\u670d\u52a1\u5668\uff09\u53ef\u4ee5\u5728\u51cf\u8f7b\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u65b9\u9762\u53d1\u6325\u4f5c\u7528\u3002\u4ee3\u7406\u670d\u52a1\u5668\u5145\u5f53\u5ba2\u6237\u7aef\u548c\u76ee\u6807\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u4e2d\u4ecb\uff0c\u5141\u8bb8\u5b83\u4eec\u68c0\u67e5\u548c\u8fc7\u6ee4\u4f20\u5165\u7684\u8bf7\u6c42\u3002\u901a\u8fc7\u5728\u4ee3\u7406\u670d\u52a1\u5668\u7ea7\u522b\u5b9e\u65bd\u5b89\u5168\u63aa\u65bd\uff0c\u53ef\u4ee5\u5728\u5230\u8fbe\u76ee\u6807\u670d\u52a1\u5668\u4e4b\u524d\u62e6\u622a\u548c\u963b\u6b62\u6f5c\u5728\u7684\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u3002<\/p>\n

            \u4ee3\u7406\u670d\u52a1\u5668\u53ef\u4ee5\u914d\u7f6e\u4e3a\uff1a<\/p>\n

              \n
            1. \u8fc7\u6ee4\u7528\u6237\u8f93\u5165<\/strong>\uff1a\u4ee3\u7406\u670d\u52a1\u5668\u53ef\u4ee5\u5728\u5c06\u7528\u6237\u8f93\u5165\u8f6c\u53d1\u5230\u76ee\u6807\u670d\u52a1\u5668\u4e4b\u524d\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\uff0c\u4ece\u800c\u9632\u6b62\u6076\u610f\u683c\u5f0f\u5b57\u7b26\u4e32\u5230\u8fbe\u6613\u53d7\u653b\u51fb\u7684\u5e94\u7528\u7a0b\u5e8f\u3002<\/li>\n
            2. Web \u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899<\/strong>\uff1a\u9ad8\u7ea7\u4ee3\u7406\u670d\u52a1\u5668\u53ef\u4ee5\u5408\u5e76 Web \u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899 (WAF) \u529f\u80fd\uff0c\u5176\u4e2d\u5305\u62ec\u9488\u5bf9\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u7684\u4fdd\u62a4\u3002<\/li>\n
            3. \u8bb0\u5f55\u548c\u76d1\u63a7<\/strong>\uff1a\u4ee3\u7406\u670d\u52a1\u5668\u53ef\u4ee5\u8bb0\u5f55\u548c\u76d1\u89c6\u4f20\u5165\u8bf7\u6c42\uff0c\u5e2e\u52a9\u68c0\u6d4b\u548c\u5206\u6790\u6f5c\u5728\u7684\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u5c1d\u8bd5\u3002<\/li>\n<\/ol>\n

              \u76f8\u5173\u94fe\u63a5<\/h2>\n

              \u6709\u5173\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u8003\u8651\u63a2\u7d22\u4ee5\u4e0b\u8d44\u6e90\uff1a<\/p>\n

                \n
              1. \u5229\u7528\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e<\/a> \u2013 Mitja Kolsek \u548c Kostya Kortchinsky \u5728 OWASP AppSec DC 2006 \u4e0a\u7684\u6f14\u8bb2\u3002<\/li>\n
              2. \u683c\u5f0f\u5b57\u7b26\u4e32\u9519\u8bef\u2014\u2014\u521d\u63a2<\/a> \u2013 Aleph One \u53d1\u8868\u7684\u4e00\u7bc7\u8bba\u6587\uff0c\u6df1\u5165\u63a2\u8ba8\u4e86\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u3002<\/li>\n
              3. OWASP \u524d\u5341\u540d<\/a> \u2013 OWASP \u7684\u5341\u5927 Web \u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u98ce\u9669\u5217\u8868\uff0c\u5176\u4e2d\u5305\u62ec\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u3002<\/li>\n<\/ol>\n

                \u603b\u4e4b\uff0c\u683c\u5f0f\u5b57\u7b26\u4e32\u653b\u51fb\u7ed9\u8f6f\u4ef6\u7cfb\u7edf\u5e26\u6765\u4e86\u91cd\u5927\u98ce\u9669\uff0c\u4f46\u901a\u8fc7\u91c7\u7528\u5b89\u5168\u7f16\u7801\u5b9e\u8df5\u5e76\u5229\u7528\u4ee3\u7406\u670d\u52a1\u5668\u7684\u529f\u80fd\uff0c\u5f00\u53d1\u4eba\u5458\u53ef\u4ee5\u9632\u5fa1\u8fd9\u4e9b\u5a01\u80c1\u5e76\u786e\u4fdd\u5176\u5e94\u7528\u7a0b\u5e8f\u548c\u6570\u636e\u7684\u5b8c\u6574\u6027\u548c\u5b89\u5168\u6027\u3002<\/p>","protected":false},"featured_media":497608,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477282","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about Format String Attack: Understanding the Vulnerability Exploited by Hackers<\/mark>","faq_items":[{"question":"What is a Format String Attack?","answer":"A Format String Attack is a type of security vulnerability that occurs in computer programming. It allows attackers to exploit the way a program handles formatted input\/output functions, potentially leading to unauthorized access, data leaks, or even code execution on the target system."},{"question":"How did Format String Attacks originate?","answer":"The concept of Format String Attacks was first highlighted in a 2000 paper titled \"Exploiting Format String Vulnerabilities\" by Kostya Kortchinsky. Since then, these attacks have been a significant concern in software development due to their potential to compromise system integrity and confidentiality."},{"question":"How does a Format String Attack work?","answer":"In a Format String Attack, the attacker manipulates the format string parameter in formatted input\/output functions, such as printf()<\/code> and sprintf()<\/code>. By controlling the format string, the attacker can read sensitive data, write to memory addresses, or even execute arbitrary code by exploiting certain format specifiers."},{"question":"What are the key features of a Format String Attack?","answer":"The key features of a Format String Attack include the attacker's ability to control the format string, exploit stack-based memory access, and manipulate memory contents through format specifiers."},{"question":"What types of Format String Attacks exist?","answer":"Format String Attacks can be classified into two main types:\r\n

                  \r\n \t
                1. Reading Attacks: Exploiting format specifiers to read sensitive data from the program's memory.<\/li>\r\n \t
                2. Writing Attacks: Exploiting format specifiers to write data to specific memory addresses, enabling the modification of variables or function pointers.<\/li>\r\n<\/ol>"},{"question":"How can Format String Attacks be prevented?","answer":"To prevent Format String Attacks, developers should:\r\n