An attack against
web servers that consists of injecting 0x00 characters into strings,
exploiting the fact that many programs written in C or C++ treat that
character as the 'end of string' marker and stop parsing there.
An exploitation
technique used to bypass sanity checking filters by adding URL encoded
null-byte characters to user-supplied data. When developers create web
applications in a variety of programming languages, these web applications
often pass data to underlying lower level C-functions for further processing
and functionality. If a user-supplied string contains a null character (\0), the
web application may stop processing the string at the point of the null. Null
Injection is a form of a meta-character Injection attack.
http://www.webappsec.org/projects/glossary/
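
The mismatch described above, as an added example that is not part of the glossary text: a length-aware filter accepts a decoded value whose C-string view is shorter, and a hardened filter rejects any embedded null. The sample parameter, the ".jpg" rule and all function names are constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a request parameter as received, still URL-encoded. */
static const char SAMPLE[] = "report.txt%00.jpg";

/* Percent-decode src into dst; returns the decoded length, NUL bytes included. */
size_t url_decode(const char *src, char *dst) {
    size_t n = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned int byte;
        if (src[i] == '%' && isxdigit((unsigned char)src[i + 1]) &&
            isxdigit((unsigned char)src[i + 2]) &&
            sscanf(src + i + 1, "%2x", &byte) == 1) {
            dst[n++] = (char)byte;
            i += 2;
        } else {
            dst[n++] = src[i];
        }
    }
    dst[n] = '\0';
    return n;
}

/* Length-aware suffix test, the way a higher-level runtime compares strings. */
static bool ends_with(const char *buf, size_t len, const char *suffix) {
    size_t n = strlen(suffix);
    return len >= n && memcmp(buf + len - n, suffix, n) == 0;
}

/* Weak filter: inspects the full buffer, so bytes after a NUL satisfy it. */
bool weak_filter(const char *buf, size_t len) {
    return ends_with(buf, len, ".jpg");
}

/* Hardened filter: refuse embedded NULs, so the value that was checked is
   the same value a C string function will later see. */
bool strict_filter(const char *buf, size_t len) {
    return memchr(buf, '\0', len) == NULL && ends_with(buf, len, ".jpg");
}

int main(void) {
    char decoded[sizeof SAMPLE];
    size_t len = url_decode(SAMPLE, decoded);
    printf("decoded=%zu bytes, strlen=%zu, weak=%d, strict=%d\n", len,
           strlen(decoded), weak_filter(decoded, len), strict_filter(decoded, len));
}
```

The decoded value is 15 bytes long while strlen() reports 10, which is the gap the weak filter leaves open and the strict filter closes.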