What is Null Byte Injection? How to avoid it?

28
  • What would this Null Byte Injection be?

  • How to avoid it?

asked by anonymous 14.08.2015 / 14:23

1 answer

27

It means sending a byte (0) in a text that will later be used in some part of the application, which will probably give access to some feature that should not be accessed.

As strings are often treated as strings terminated by a null, this would cause the protective text that security operations add to a string received from outside the application to be disregarded, since the text comparison functions stop when they find a null.

This is common in C's standard functions. This is why extra checks or manipulations must be done before using text from external sources, as with everything from an external source.

Languages that take advantage of these functions without doing any extra checking or manipulation suffer from the same problem. PHP suffered from this in the past, but today it knows how to avoid this in its critical functions.

The solution is usually simple, since a null is rarely correct when it comes from the web, where this type of attack is most common.

At bottom, this particular concern is not necessary. If you validate or clean external data correctly, as you always should, you do not have this problem. This is just one of the characters that should not be accepted.

    
14.08.2015 / 14:38
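The behaviour described in the answer, as an added example that is not part of the original post: a protective suffix appended to external bytes is invisible to C string functions when those bytes contain a 0, and a `memchr` check on the raw length rejects such input before it is used. The function names, the `.txt` suffix and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SUFFIX ".txt"   /* hypothetical protective text added by the application */

/* Constructed sample: 10 external bytes with an embedded 0, as a
   length-aware source (e.g. a decoded request parameter) could deliver. */
static const char SAMPLE[] = { 'n','o','t','e','s','\0','j','u','n','k' };

/* Appends SUFFIX to in[0..in_len). Returns 0, or -1 if it does not fit. */
static int build_path(char *out, size_t cap, const char *in, size_t in_len) {
    size_t slen = strlen(SUFFIX);
    if (in_len + slen + 1 > cap) return -1;
    memcpy(out, in, in_len);
    memcpy(out + in_len, SUFFIX, slen + 1);   /* copies the terminator too */
    return 0;
}

/* Returns 1 if the built path, read the way C string functions read it,
   still ends with SUFFIX; 0 if the suffix was cut off or the build failed. */
static int suffix_survives(const char *in, size_t in_len) {
    char path[64];
    size_t n, slen = strlen(SUFFIX);
    if (build_path(path, sizeof path, in, in_len) != 0) return 0;
    n = strlen(path);                         /* stops at the first 0 byte */
    return n >= slen && strcmp(path + n - slen, SUFFIX) == 0;
}

/* Hardened variant: refuse any input containing a 0 byte, checked over
   the real length rather than the C-string length. */
static int build_path_checked(char *out, size_t cap,
                              const char *in, size_t in_len) {
    if (memchr(in, 0, in_len) != NULL) return -1;
    return build_path(out, cap, in, in_len);
}

int main(void) {
    char path[64];
    printf("clean input, suffix survives: %d\n", suffix_survives("notes", 5));
    printf("input with 0 byte, suffix survives: %d\n",
           suffix_survives(SAMPLE, sizeof SAMPLE));
    printf("checked build on input with 0 byte: %d\n",
           build_path_checked(path, sizeof path, SAMPLE, sizeof SAMPLE));
    return 0;
}
```

The check has to run on the byte count supplied by the source; calling `strlen` on the input first would already hide everything after the 0.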