The null byte to hack PHP-includes

The null byte (also called the null terminator) is a character with the value zero, present in the ASCII and Unicode character sets. C-style strings end at the first null character.
In a URL sent to PHP, this character is written as %00, its URL-encoded form.

OK, what's the deal with null bytes?

A lot of people think that the method below, which includes a file with a fixed extension (.php), is bulletproof, but that's not true.

<?php
// Vulnerable: the request parameter is concatenated straight into the include path.
include($_GET['site'] . ".php");
?>

If you call the script with a null byte in the URL, the string is cut off before the appended ".php", so it's possible to include any local or remote file!

http://example.com/?site=../../../../etc/passwd%00
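
A hardened version of the include above, as an added example that is not code from the original post: the parameter is only a lookup key into an allowlist, so neither a null byte nor "../" reaches include. PHP 5.3.4 and later reject paths containing a null byte, but the traversal through the parameter remains without a check like this. The page names, the PAGES constant, the resolve_page() helper and the pages/ directory are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. The page names, PAGES,
// resolve_page() and the pages/ directory are hypothetical.

const PAGES = ['home', 'about', 'contact'];   // allowlist of includable pages

/**
 * Return the absolute path of the page to include, or null if the
 * request must be rejected.
 */
function resolve_page(string $site, string $baseDir): ?string
{
    // Reject null bytes outright instead of relying on the PHP version.
    if (strpos($site, "\0") !== false) {
        return null;
    }
    // Only exact allowlist matches pass, so "../", absolute paths and
    // URL wrappers never reach include.
    if (!in_array($site, PAGES, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $site . '.php');
    // Defence in depth: the resolved file must exist and stay inside $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample inputs; the second is the request from the post, URL-decoded.
// 'home' resolves only if pages/home.php exists next to this script.
$samples = ['home', "../../../../etc/passwd\0", 'http://example.com/x'];
foreach ($samples as $s) {
    $target = resolve_page($s, __DIR__ . '/pages');
    printf("%-32s => %s\n", addcslashes($s, "\0"), $target ?? 'rejected');
}
```

In a real handler, check that $_GET['site'] is a string, pass it to resolve_page(), and call include only on a non-null result; answer with a 404 otherwise.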