Exploiting 1-byte buffer overflows

A few weeks ago, we published a challenge relating to the exploitation of a simple buffer overflow in Linux. In the published solution, it was noted how it was possible to change the execution flow of the vulnerable program, with cursor overwrite in the next instruction as a result of the buffer overflow. Today, we will show how to exploit another classic buffer overflow vulnerability, in which the ebp register is moved to execute an arbitrary code.



Exploiting 1-byte buffer overflows