1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

Null Byte Injection

Variants:
Direct Persistent Session 

Also Known As:
Poison Null Byte, Embedding Null Code

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation

Invented In:
26/10/2000

Added In:
08/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Null inputs can affect the structure of server-side strings, enabling attackers to bypass restrictions and cause unexpected application behaviors.


Direct Variant:

Null Byte Injection

Variant Title:
Null Byte Injection

Typical Severity:
Medium

Resources:

Wiki

CWE

CAPEC

WASC

Vulnerapedia

OWASP Attacks

Hakipedia

Other I

Other II

Other III

White Papers:

Paper I

Paper II

Paper II

Learn More:



Persistent Variant:

Stored Null Byte Injection

Also Known As:
Persistent Null Byte Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:


Session Variant:

Null Byte Injection via Session Puzzling

Also Known As:
Session Null Byte Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:




TECAPI ©

Join