Application Security Terminology

Glossary

Null Byte Injection

Null Byte Injection is an exploitation technique used to bypass sanity-checking filters in infrastructure by adding URL-encoded null byte characters (i.e., %00, or 0x00 in hex) to user-supplied data. This injection can alter the intended logic of the application and allow an attacker to gain unauthorized access to system files.

Most web applications today are developed using higher-level languages such as PHP, ASP, Perl, and Java. However, at some point these web applications require their high-level code to be processed at the system level, and this is usually accomplished using C/C++ functions. C/C++ string functions treat the null byte as the end of a string, while the higher-level languages treat it as ordinary data. This mismatch between the dependent technologies has resulted in the Null Byte Injection (aka Null Byte Poisoning) attack.
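
The mismatch can be shown directly in C. The following is an added example, not part of the original glossary entry: it decodes a constructed value containing %00, compares what a length-counted filter sees with what a C string function sees, and places a weak extension check beside a hardened one that rejects embedded null bytes. The sample file name, the `.jpg` rule and all function names are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst (dst must hold at least strlen(src) bytes).
   Returns the decoded length; the result is length-counted and may contain 0x00. */
size_t percent_decode(const char *src, char *dst) {
    size_t n = 0;
    while (*src) {
        if (src[0] == '%' && isxdigit((unsigned char)src[1]) && isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            dst[n++] = (char)strtol(hex, NULL, 16);
            src += 3;
        } else {
            dst[n++] = *src++;
        }
    }
    return n;
}

/* Suffix test over the full length-counted buffer, as a high-level language sees it. */
static int ends_with(const char *buf, size_t len, const char *suffix) {
    size_t n = strlen(suffix);
    return len >= n && memcmp(buf + len - n, suffix, n) == 0;
}

/* Weak filter: checks only the extension, so bytes after a NUL satisfy it. */
int weak_filter_accepts(const char *buf, size_t len) {
    return ends_with(buf, len, ".jpg");
}

/* Hardened filter: reject any embedded NUL before applying the extension rule. */
int strict_filter_accepts(const char *buf, size_t len) {
    return memchr(buf, '\0', len) == NULL && ends_with(buf, len, ".jpg");
}

int main(void) {
    const char *raw = "notes.txt%00.jpg";   /* constructed sample input */
    char buf[32];
    size_t len = percent_decode(raw, buf);
    buf[len] = '\0';
    /* The filter sees 14 bytes ending in ".jpg"; strlen() stops at the NUL after "notes.txt". */
    printf("decoded length=%zu, C string length=%zu\n", len, strlen(buf));
    printf("weak=%d strict=%d\n", weak_filter_accepts(buf, len), strict_filter_accepts(buf, len));
    return 0;
}
```

The check belongs after all decoding and before the value reaches any C-level API, so that the filter and the system call evaluate the same bytes.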