Name | Embedding NULL Bytes |
Likelihood of attack | Typical severity |
High | High |
Summary | An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when they encounter the null byte(s). |
Prerequisites | The program does not properly handle postfix NULL terminators |
Execution Flow |
Step | Phase | Description | Techniques |
1 | Explore | Identify a place in the program where user input may be used to escalate privileges, for instance by accessing unauthorized file system resources through directory browsing. | |
2 | Explore | An attacker realizes that there is postfix data that gets in the way of getting to the desired resources. | |
3 | Exploit | An attacker then adds a postfix NULL terminator to the supplied input in order to "swallow" the postfixed data when the insertion is taking place. With the postfix data that got in the way of the attack gone, the doors are opened for accessing the desired resources. | |
Solutions | Properly handle the NULL characters supplied as part of user input prior to doing anything with the data. |
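The check described under Solutions, as an added C example that is not part of the original entry: a length-counted input is joined with a fixed postfix, first without and then with a test for embedded NUL bytes. The function names, the ".txt" postfix and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define POSTFIX ".txt"  /* constructed: postfix the application always appends */

/* 'Before' form: length-counted concatenation with no NUL check.
 * Returns bytes written (excluding the final terminator), or -1 if out is too small. */
int build_naive(const char *in, size_t in_len, char *out, size_t out_size)
{
    size_t post_len = strlen(POSTFIX);
    if (in_len + post_len + 1 > out_size)
        return -1;
    memcpy(out, in, in_len);
    memcpy(out + in_len, POSTFIX, post_len + 1);
    return (int)(in_len + post_len);
}

/* Hardened form: reject any NUL inside the counted input before using it. */
int build_checked(const char *in, size_t in_len, char *out, size_t out_size)
{
    if (memchr(in, '\0', in_len) != NULL)
        return -1;
    return build_naive(in, in_len, out, out_size);
}

/* 1 if a NUL-terminated consumer (e.g. a C file API) still sees the postfix. */
int postfix_survives(const char *buf, int written)
{
    size_t seen = strlen(buf);
    size_t post_len = strlen(POSTFIX);
    return written >= 0 && seen == (size_t)written && seen >= post_len
        && strcmp(buf + seen - post_len, POSTFIX) == 0;
}

int main(void)
{
    const char clean[] = "report";            /* constructed sample */
    const char tainted[] = "report\0ignored"; /* constructed sample, embedded NUL */
    char buf[64];

    int n = build_naive(tainted, sizeof tainted - 1, buf, sizeof buf);
    printf("naive: wrote %d bytes, consumer sees \"%s\", postfix kept: %d\n",
           n, buf, postfix_survives(buf, n));
    printf("checked, tainted input: %d\n",
           build_checked(tainted, sizeof tainted - 1, buf, sizeof buf));
    n = build_checked(clean, sizeof clean - 1, buf, sizeof buf);
    printf("checked, clean input: \"%s\", postfix kept: %d\n",
           buf, postfix_survives(buf, n));
    return 0;
}
```

The mismatch between the bytes written and the length a NUL-terminated consumer sees is also a usable detection signal when the input cannot be rejected at the boundary.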
Related Weaknesses |
CWE ID | Description |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-158 | Improper Neutralization of Null Byte or NUL Character |
CWE-171 | |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
Related CAPECs |
CAPEC ID | Description |
CAPEC-267 | An adversary leverages the possibility to encode potentially harmful input or content used by applications such that the applications are ineffective at validating this encoding standard. |
Taxonomy: WASC |
Entry ID | Entry Name |
28 | Null Byte Injection |
Taxonomy: OWASP Attacks |
Entry ID | Entry Name |
Link | Embedding Null Code |