OWASP Periodic Table of Vulnerabilities - Null Byte Injection

Return to Periodic Table Working View

Root Cause Summary
Null Byte Injection is an exploitation technique which uses URL-encoded null byte characters (i.e. %00, or 0x00 in hex) to the user-supplied data. This injection process can alter the intended logic of the application and allow malicious adversary to get unauthorized access to the system files.

Browser / Standards Solution
None

Perimeter Solution
Null bytes are rarely if ever needed in user input for web applications. Perimeter defenses can simply look for null bytes in user input and reject such requests safely.

Generic Framework Solution
None

Custom Framework Solution
None

Custom Code Solution
Null bytes are rarely if ever needed in user input for web applications. Perimeter defenses can simply look for null bytes in user input and reject such requests safely.

Discussion / Controversy
None