OWASP Periodic Table of Vulnerabilities - Null Byte Injection
Null Byte Injection
Root Cause Summary
Null Byte Injection is an exploitation technique that adds URL-encoded null byte characters (i.e. %00, or 0x00 in hex) to user-supplied data. This injection can alter the intended logic of the application and allow a malicious adversary to gain unauthorized access to system files.
Browser / Standards Solution
None
Perimeter Solution
Null bytes are rarely if ever needed in user input for web applications. Perimeter defenses can simply look for null bytes in user input and reject such requests safely.
Generic Framework Solution
None
Custom Framework Solution
None
Custom Code Solution
Null bytes are rarely if ever needed in user input for web applications. Perimeter defenses can simply look for null bytes in user input and reject such requests safely.
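An added example (not part of the original OWASP page) of the check described under Perimeter Solution and Custom Code Solution: it rejects a request when the path, a query parameter or a form-encoded body field contains a null byte, raw or percent-encoded. It goes beyond the page's %00 case by also unwrapping nested percent-encoding such as %2500; the function names and sample requests are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes


def has_null_byte(value: bytes) -> bool:
    """True if value holds 0x00 raw or under any depth of percent-encoding."""
    while True:
        if b"\x00" in value:
            return True
        decoded = unquote_to_bytes(value)
        if decoded == value:   # nothing left to decode, no null byte found
            return False
        value = decoded        # every changed round is shorter, so this ends


def fields(encoded: bytes):
    """Yield (name, value) pairs from a query string or form-encoded body."""
    for pair in encoded.split(b"&"):
        if pair:
            name, _, value = pair.partition(b"=")
            yield name, value


def null_byte_findings(target: bytes, form_body: bytes = b"") -> list:
    """Return the request parts carrying a null byte; an empty list means clean."""
    path, _, query = target.partition(b"?")
    findings = ["path"] if has_null_byte(path) else []
    for where, encoded in (("query", query), ("body", form_body)):
        for name, value in fields(encoded):
            if has_null_byte(name) or has_null_byte(value):
                findings.append(f"{where}:{name.decode('ascii', 'replace')}")
    return findings


# Constructed sample requests: (request target, form-encoded body).
SAMPLES = [
    (b"/download?file=report.pdf", b""),
    (b"/download?file=report%00.pdf", b""),
    (b"/download?file=report%2500.pdf", b""),
    (b"/profile", b"name=alice&avatar=a.png\x00"),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        hits = null_byte_findings(target, body)
        print("REJECT" if hits else "allow ", target, hits)
```

Run the check on the raw request bytes, before any other component decodes them, so that the filter and the application see the same input.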
Discussion / Controversy
None