Saturday, January 29, 2022

null byte injection

Null Byte Injection is an exploitation technique used to bypass sanity-checking filters in web infrastructure by adding URL-encoded null byte characters (i.e., %00, or 0x00 in hex) to user-supplied data. The injected byte can alter the intended logic of the application and allow an attacker to gain unauthorized access to system files.

Any web language can be affected if the code does not sanitize input or parse file names properly. Null bytes terminate strings in C-style APIs (and act as placeholders in some code); injecting them into URLs makes the lower layers of a web application stop reading a string earlier than the filter above them did, which can be abused for purposes such as LFI/RFI (Local and Remote File Inclusion).

The FTP directory listing shows the files on offer.

.md files can be accessed directly.

.bak files are inaccessible; the file type filter only allows .md.

%25%30%30 is the URL-encoded form of %00 (double-encoded null byte); append it to the requested name, followed by the allowed .md extension.

The file type filter is bypassed and the .bak files are downloaded.
reference:
