Tags: pwn 

Rating: 2.0

A simple buffer overflow (BOF) vulnerability is in the **vote** routine.
If we vote for **"oshima"**, we can overwrite the chunk pointer and the vote number.
So we can repeatedly write an arbitrary 1 byte anywhere.
I use one_gadget and overwrite **__malloc_hook**.

Original writeup (https://github.com/vngkv123/CTF/blob/master/ctf_in_2017/seccon/election.py).
n0psledbyte, Dec. 11, 2017, 5:58 a.m.

How do you find one_gadget, bro?


n0psledbyte, Dec. 11, 2017, 6:01 a.m.

Hmm, OK, I found
https://github.com/david942j/one_gadget