O.K. It really seems to be an interference with sprintf's conversion specifiers. 'foo%bar" is working because there is no '%b' specifier. 'foo%xbar', foo%ebar', 'foo%fbar', etc. are not working, because these are conversion specifiers.
This means it is almost certainly exploitable somehow.
O.K. It really seems to be an interference with sprintf's conversion specifiers. 'foo%bar" is working because there is no '%b' specifier. 'foo%xbar', foo%ebar', 'foo%fbar', etc. are not working, because these are conversion specifiers.
This means it is almost certainly exploitable somehow.