Tags: off-by-one null-byte-poisoning heap

In the `WhiteHat Grand Prix 2018 Quals - pwn02 (BookStore)` challenge, there is a `null byte poisoning` vulnerability (also known as an `off-by-one overflow` or `null byte overflow`). Using this vulnerability, we can create an `overlapping chunks` situation (by zeroing out the `PREV_INUSE` bit in the size field of the following chunk), which lets us leak libc addresses and overwrite a sensitive function pointer with the address of `system` (to spawn `/bin/sh`).
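The mechanism behind that first step, shown as an added example rather than code from the challenge binary or from the writeup: a buffer-copy routine that writes its terminating NUL one byte past the end, placed beside the corrected version. The two adjacent chunks are a constructed model in a plain array (`struct heap_model`, `CHUNK`, `USABLE` and the function names are all assumptions for this illustration, not glibc internals), so the stray byte can be inspected without touching the real allocator; the layout follows the 64-bit glibc chunk header, where the byte just past a chunk's usable region is the low byte of the next chunk's size field.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of two adjacent 64-bit glibc chunks, laid out in a
 * plain array so nothing here touches the real allocator:
 *   chunk A: [prev_size 8][size 8][user data 0xf8 bytes]
 *   chunk B: [prev_size 8][size 8] ...
 * While A is in use its usable region extends over B's prev_size slot,
 * so the byte just past A's usable region is the low byte of B's size. */
#define CHUNK      0x100
#define USABLE     (CHUNK - 8)          /* 0xf8 usable bytes in chunk A */
#define PREV_INUSE 0x1

struct heap_model { uint8_t mem[CHUNK + 0x10]; };

static void heap_model_init(struct heap_model *h) {
    uint64_t sz = CHUNK | PREV_INUSE;           /* 0x101 for both chunks */
    memset(h->mem, 0, sizeof h->mem);
    memcpy(h->mem + 8, &sz, sizeof sz);         /* A.size */
    memcpy(h->mem + CHUNK + 8, &sz, sizeof sz); /* B.size */
}

static char *user_a(struct heap_model *h) { return (char *)h->mem + 0x10; }

/* Read back B's size field (size | flag bits). */
uint64_t size_b(const struct heap_model *h) {
    uint64_t sz;
    memcpy(&sz, h->mem + CHUNK + 8, sizeof sz);
    return sz;
}

/* Vulnerable pattern: strnlen() is bounded by cap, so len may equal cap,
 * and the terminator then lands at buf[cap], one byte past the buffer. */
void vulnerable_copy(char *buf, size_t cap, const char *src) {
    size_t len = strnlen(src, cap);
    memcpy(buf, src, len);
    buf[len] = '\0';                /* off-by-one NUL write when len == cap */
}

/* Hardened: the terminator is counted as one of the cap bytes. */
void safe_copy(char *buf, size_t cap, const char *src) {
    size_t len = strnlen(src, cap - 1);
    memcpy(buf, src, len);
    buf[len] = '\0';                /* always within buf[0 .. cap-1] */
}

/* Fill chunk A through the given copy routine with an input of exactly
 * USABLE bytes (the worst case) and report B's size field afterwards. */
static uint64_t run_copy(void (*copy)(char *, size_t, const char *)) {
    struct heap_model h;
    char input[USABLE + 1];
    heap_model_init(&h);
    memset(input, 'A', USABLE);     /* constructed input, USABLE bytes long */
    input[USABLE] = '\0';
    copy(user_a(&h), USABLE, input);
    return size_b(&h);
}

uint64_t size_b_after_vulnerable_copy(void) { return run_copy(vulnerable_copy); }
uint64_t size_b_after_safe_copy(void)       { return run_copy(safe_copy); }

int main(void) {
    uint64_t bad = size_b_after_vulnerable_copy();
    uint64_t ok  = size_b_after_safe_copy();
    printf("B.size after vulnerable copy: 0x%llx (PREV_INUSE %s)\n",
           (unsigned long long)bad, (bad & PREV_INUSE) ? "set" : "cleared");
    printf("B.size after safe copy:       0x%llx (PREV_INUSE %s)\n",
           (unsigned long long)ok, (ok & PREV_INUSE) ? "set" : "cleared");
    return 0;
}
```

With the vulnerable routine, B's size field goes from `0x101` to `0x100`: the chunk size is unchanged but `PREV_INUSE` is cleared, which is exactly the corrupted state the allocator later trusts when it consolidates backwards. The fix is purely a bounds question (reserve the terminator's byte inside the buffer); in review, any `buf[len] = 0` where `len` can reach the allocation size is the pattern to flag.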

This is a good example of a `Heap Exploitation` challenge for understanding how to exploit `x86_64` binaries with `Canary`, `Full RELRO`, `FORTIFY`, `NX`, and `ASLR` enabled, in the presence of `tcache` in `glibc-2.27`.

Original writeup (https://github.com/sajjadium/ctf-writeups/tree/master/WhiteHatGrandPrixQuals/2018/pwn02).