CAPEC-52
Embedding NULL Bytes
Description
An adversary embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).
Prerequisites
The program does not properly handle postfix NULL terminators
Mitigations
Properly handle the NULL characters supplied as part of user input prior to doing anything with the data.
Skills Required
[Medium] Directory traversal
[High] Execution of arbitrary code