Format String Exploit

{1}Weakness: Input Validation
"The root cause: trusting user-supplied input without validation. Can be used to read from the stack and write to arbitrary memory locations [Howard]"
user_input = "AAAA%p %p %p %p %p %p"
printf(user_input);
fprintf(STDOUT, user_input);