The following entries in Common Vulnerabilities and Exposures (CVE) at http://cve.mitre.org are examples of format string bugs. Out of the 188 CVE entries that reference format strings, this is just a sampling.
From the CVE description: The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
This is the first publicly known exploit for a format string bug. The title of the BUGTRAQ post underscores the severity of the problem: Providing *remote* root since at least 1994.
From the CVE description: Some functions that implement the locale subsystem on UNIX do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
The full text of the original advisory can be found at www.securityfocus.com/archive/1/80154. This problem is especially interesting because it affects core system APIs for most UNIX variants (including Linux); the BSD variants are the exception, because BSD ignores the NLSPATH variable for privileged suid applications. This advisory, like many CORE SDI advisories, is especially well written and informative, and it gives a very thorough explanation of the overall problem.
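As an added illustration (not code from the advisories or from the original text), the sketch below shows one defence for the locale case: before a string fetched from a message catalog is used as a format, its conversion specifiers are compared with those of the compiled-in default, and the default is used on any mismatch. The function names and sample strings are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Reduce fmt to its argument signature, e.g. "%s: %-5ld" -> "sld".
 * Returns -1 for anything a message catalog has no need for: %n,
 * '*' width, positional '$' arguments, a dangling '%', or overflow. */
static int fmt_signature(const char *fmt, char *sig, size_t n)
{
    size_t used = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;               /* literal percent sign */
        p += strspn(p, "-+ #0123456789.");       /* flags, width, precision */
        size_t len = strspn(p, "hljzL");         /* length modifiers */
        if (!p[len] || !strchr("diouxXcspfeEgG", p[len])) return -1;
        if (used + len + 1 >= n) return -1;
        memcpy(sig + used, p, len + 1);          /* keep e.g. "ld" or "s" */
        used += len + 1;
        p += len;
    }
    sig[used] = '\0';
    return 0;
}

/* Return the catalog string only if it consumes exactly the same arguments
 * as the compiled-in default; otherwise fall back to the default. */
static const char *checked_format(const char *builtin, const char *from_catalog)
{
    char want[64], got[64];
    if (!from_catalog ||
        fmt_signature(builtin, want, sizeof want) != 0 ||
        fmt_signature(from_catalog, got, sizeof got) != 0 ||
        strcmp(want, got) != 0)
        return builtin;
    return from_catalog;
}

int main(void)
{
    const char *builtin = "%s: cannot open %s (error %d)\n";
    /* Constructed stand-ins for strings returned by catgets() or gettext(). */
    const char *good = "%s: impossible d'ouvrir %s (erreur %d)\n";
    const char *bad  = "%s%s%s%s%n";
    printf(checked_format(builtin, good), "demo", "/tmp/x", 2); /* translated */
    printf(checked_format(builtin, bad),  "demo", "/tmp/x", 2); /* default */
    return 0;
}
```

This check complements, rather than replaces, ignoring NLSPATH in privileged programs, which is the behaviour the text above credits for BSD being unaffected.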