Open jeongzero8732 opened 3 years ago
There is an article which uses the same vulnerability. Leveraging the out-of-bounds write to modify the buffer pointer fields in HDA, the author can get arbitrary read/write primitives. With the primitives, you can leak the canary content. But the author merely modifies a function pointer to point at shellcode placed in an RWX memory page and triggers it later.
Hi, I am a student in Korea.
I am currently conducting a 1-day case study based on the data. Currently, I have leaked and confirmed that the stack BOF triggers, but the canary is the problem. How do I bypass this?