Using an edit primitive to change a size and gain out-of-bounds writes, then overwriting the last byte of a char*
so that it points to a similar chunk, then overwriting the size field of a chunk so that freeing it places it in the unsorted bin for a libc leak.
Finally, overwriting stdout to gain code execution.