Programmer's Wiki
Advertisement

The null character or null terminator is a control character used in some programs and programming languages. It is usually used as a string terminator.

The null character has a value of zero in ASCII and Unicode. It is often represented by the escape sequence "\0" or by its value itself, 0.

Null byte poison[]

Null byte poison is the name of a null character related security risk. A web site may allow people to upload profile pictures and then there's some script checking the file extension so it is something allowed (here an image file). The script will probably miss the real extension, if a fake extension is applied before the null byte, so the "image" file could just as well be a PHP script built to remove everything on the site!

The solution is to have a script to change the null byte to something else.

Advertisement