Updated site

AlBovo · AlBovo · commit 44463bca3518 · 2025-09-17T20:09:13.000Z
diff --git a/en/ctf/ctfatac/index.html b/en/ctf/ctfatac/index.html
@@ -573,7 +573,7 @@ <h3 id="fini">fini<a hidden class="anchor" aria-hidden="true" href="#fini">#</a>
 <h4 id="finding-the-vulnerability">Finding the Vulnerability<a hidden class="anchor" aria-hidden="true" href="#finding-the-vulnerability">#</a></h4>
 <p>The vulnerability is easy to spot if you are familiar with format string bugs.<br>
 In the decompiled code (see image below), the program calls <code>printf()</code> <strong>without</strong> specifying a format string, like <code>%s</code>:</p>
-<p><img alt="Decompiled code showing vulnerable printf" loading="lazy" src="image-1.png"></p>
+<p><img alt="Decompiled code showing vulnerable printf" loading="lazy" src="/images/fini.png"></p>
 <p>This means user input is passed directly to <code>printf</code>, allowing us to control the format string and leak stack values or write to arbitrary memory.</p>
 <p>Additionally, the program provides a feature that lets us write any value to any address—this will be useful for exploitation.</p>
 <h4 id="exploiting-the-vulnerability">Exploiting the Vulnerability<a hidden class="anchor" aria-hidden="true" href="#exploiting-the-vulnerability">#</a></h4>
diff --git a/images/fini.png b/images/fini.png
diff --git a/it/ctf/ctfatac/index.html b/it/ctf/ctfatac/index.html
@@ -573,7 +573,7 @@ <h3 id="fini">fini<a hidden class="anchor" aria-hidden="true" href="#fini">#</a>
 <h4 id="individuare-la-vulnerabilità">Individuare la vulnerabilità<a hidden class="anchor" aria-hidden="true" href="#individuare-la-vulnerabilità">#</a></h4>
 <p>La vulnerabilità è evidente se conosci i format string bug.
 Nel codice decompilato (vedi immagine), il programma chiama <code>printf()</code> <strong>senza</strong> specificare una format string, tipo <code>%s</code>:</p>
-<p><img alt="Decompiled code showing vulnerable printf" loading="lazy" src="image-1.png"></p>
+<p><img alt="Decompiled code showing vulnerable printf" loading="lazy" src="/images/fini.png"></p>
 <p>Questo significa che l’input dell’utente viene passato direttamente a <code>printf</code>, permettendoci di controllare la format string e di leakare valori dallo stack o scrivere in memoria arbitraria.</p>
 <p>Inoltre, il programma offre una funzionalità che permette di scrivere qualsiasi valore in qualunque indirizzo—utile per l’exploit.</p>
 <h4 id="sfruttare-la-vulnerabilità">Sfruttare la vulnerabilità<a hidden class="anchor" aria-hidden="true" href="#sfruttare-la-vulnerabilità">#</a></h4>
