To answer this question, the user needs to understand format string attacks and their consequences.
A format string attack occurs when a web application passes unvalidated input to a format string function as the format string itself. This can allow an attacker to read or write memory at will, which can lead to serious security issues.
Option A is incorrect. While the %s token can be used to read data from memory, it is not limited to "certain memory areas." Rather, it allows an attacker to read any data that is on the stack or heap.
Option B is incorrect. While other tokens can be used to write to memory, they are not limited to "certain areas." Rather, they allow an attacker to write to any address that is on the stack or heap.
Option C is correct. With a successful format string attack, an attacker can read and write to memory at will. This can allow the attacker to access sensitive data, modify program behavior, or even execute arbitrary code.
Option D is incorrect. A successful format string attack can have serious consequences.
Therefore, the answer is: C.
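The difference between input used as the format string and input passed as data can be seen in a short C program. This is an added example, not part of the original explanation; the function names render_unsafe, render_safe and count_directives are illustrative, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: the untrusted string IS the format string.
   GCC and Clang report this call under -Wformat-security; the pragma
   silences that only so the contrast below compiles cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int render_unsafe(char *out, size_t n, const char *user)
{
    return snprintf(out, n, user);
}
#pragma GCC diagnostic pop

/* Hardened pattern: constant format, untrusted string passed as data. */
static int render_safe(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "%s", user);
}

/* Counts '%' directives other than the literal "%%" in untrusted input,
   e.g. to alert on suspicious values before they reach any formatter. */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* "%%" is an escaped percent sign */
        else
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input: "%%" takes no argument, so it is safe to format,
       yet it shows whether the input is parsed as directives. */
    const char *input = "disk at 100%% full";
    char a[64], b[64];
    render_unsafe(a, sizeof a, input);
    render_safe(b, sizeof b, input);
    printf("unsafe: %s (%zu bytes)\n", a, strlen(a));
    printf("safe:   %s (%zu bytes)\n", b, strlen(b));
    printf("directives in \"%%x.%%s\": %d\n", count_directives("%x.%s"));
    return 0;
}
```

The unsafe call collapses "%%" to "%" because the input was parsed as directives, while the safe call copies the input byte for byte.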