🛠️ Null-byte injection
Null byte is a bypass technique for sending data that would be filtered otherwise. It relies on injecting the null byte characters (
\x00) in the supplied data. Its role is to terminate a string.
Accessing a file in an application that appends an extension.
- 1.An attacker wants to retrieve the file
/etc/passwdbut an extension
.phpis appended automatically such as
- 2.The attacker uses the null byte to terminate the string and throw away the
Uploading a file that is filtered by its extension.
- 1.An attacker wants to upload a
malicious.php, but the only extension allowed is
- 2.The attacker constructs the file name such as
malicious.php%00.pdfand uploads the file.
- 3.The application reads the
- 4.The file
malicious.phpis then put in the server.