Home 0P3N Blog Null Byte Injection
Ready to Start Your Career?
Create Free Account
authors profile image
January 1, 2016

Null Byte Injection

January 1, 2016
authors profile image
January 1, 2016
Null Byte Injection is an exploitation technique used to bypass sanity checking filters in infrastructure by adding URL-encoded null byte characters (i.e., %00, or 0x00 in hex) to the user-supplied data. This injection process can alter the intended logic of the application and allow an attacker to get unauthorized access to system files. Most web applications today are developed using higher-level languages such as PHP, ASP, Perl, and Java. However, these web applications at some point require processing of high-level code at the system level and this process is usually accomplished using C/C++ functions. The diverse nature of these dependent technologies has resulted in the Null Byte Injection (aka Null Byte Poisoning) attack.
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry