CAPEC Details
Name Embedding NULL Bytes
Likelyhood of attack Typical severity
High High
Summary An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).
Prerequisites The program does not properly handle postfix NULL terminators
Execution Flow
Step Phase Description Techniques
1 Explore Identify a place in the program where user input may be used to escalate privileges by for instance accessing unauthorized file system resources through directory browsing.
2 Explore An attacker realizes that there is a postfix data that gets in the way of getting to the desired resources
3 Exploit An attacker then ads a postfix NULL terminator to the supplied input in order to "swallow" the postfixed data when the insertion is taking place. With the postfix data that got in the way of the attack gone, the doors are opened for accessing the desired resources.
Solutions Properly handle the NULL characters supplied as part of user input prior to doing anything with the data.
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158 Improper Neutralization of Null Byte or NUL Character
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Related CAPECS
CAPEC ID Description
CAPEC-267 An adversary leverages the possibility to encode potentially harmful input or content used by applications such that the applications are ineffective at validating this encoding standard.
Taxonomy: WASC
Entry ID Entry Name
28 Null Byte Injection
Taxonomy: OWASP Attacks
Entry ID Entry Name
Link Embedding Null Code