Null byte Injection in https://████/
High
U
U.S. Dept Of Defense
Submitted None
Actions:
Reported by
mohammedadam24
Vulnerability Details
Technical details and impact analysis
#Description:
Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data.
#Vulnerable URL: https://████/%2F%20This%20website%20is%20vulnerable%20to%20NULL%20BYTE%20INJECTION/
#Steps to Reproduce:
1) An attacker can exploit this issue via a browser.
The following example URI request is available:
https://███████/%2F%20This%20website%20is%20vulnerable%20to%20NULL%20BYTE%20INJECTION%00
#Mitigation: https://www.securityfocus.com/bid/24791/solution
#See Also: https://www.exploit-db.com/exploits/30281
#Proof of Concept: Screenshots attached.
## Impact
An attacker can exploit these issues to access sensitive information that may aid in further attacks; other attacks are also possible.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Null Termination