Many web forums set up on the internet are done quickly rather than securely. The exploit I am discussing here is an older one, called the Null Byte. Most forums have a picture and avatar uploading system so the user can upload their own signature and avatar. The Null Byte is a way for us to upload our own files into the forum, or to get into an administrator area and literally “own” the forum. This hack is somewhat outdated; most forums have deployed some form of input sanitization to prevent such an attack. Nevertheless, thousands of vulnerable forums still exist, as security is not always a top priority for people creating forums.
How to exploit it?
Whenever you upload a file, you will be asked to specify the directory where the file is located. Each file has a particular extension at the end, to signify the file type. Most forums restrict certain extensions, such as .exe or .php, specifically to keep bad files under control. But we can modify the file name and trick the server into thinking it is something else using the Null Byte hack.
Modify the file name to incorporate “%00” into the name.
For example: C:\webroot\c99.php%00.jpg
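The operating system will read this file as a .php file, but the forum server will read it as .jpg. The forum's extension check looks at the end of the name and sees .jpg, while the file-system call underneath treats the decoded null byte as the end of the string and stops at .php. When this happens, you can exploit it to get your files on the server and, with some creativity, access the admin area as well.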
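Added example, not from the original post: a server-side check in Python that closes this hole. It shows the mismatch between what a suffix-only extension check sees and what a NUL-terminated file API acts on, then rejects such names; the function names, the allow-list and the sample file name are assumptions made for illustration.

```python
import os
import secrets
from urllib.parse import unquote

ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}  # assumed allow-list


def naive_extension(name: str) -> str:
    """What a suffix-only check sees: the text after the last dot."""
    return os.path.splitext(name)[1].lower()


def c_string_view(name: str) -> str:
    """What a NUL-terminated file API acts on once %00 has been decoded."""
    return unquote(name).split("\x00", 1)[0]


def safe_upload_name(client_name: str) -> str:
    """Validate a client-supplied name; return a server-generated one.

    Raises ValueError rather than trying to repair suspicious input.
    """
    # Decode until stable so double-encoded input (%2500) is caught as well.
    decoded = client_name
    for _ in range(4):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        raise ValueError("excessive percent-encoding")
    # Reject NUL and every other control character outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        raise ValueError("control character in file name")
    # Drop any directory part, then check the extension of the decoded name.
    base = os.path.basename(decoded.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not allowed")
    # Store under a random name so client input never reaches the file system.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    sample = "avatar.php%00.jpg"  # constructed sample input
    print(naive_extension(sample), c_string_view(sample))
    try:
        safe_upload_name(sample)
    except ValueError as err:
        print("rejected:", err)
```

The extension is checked on the fully decoded name, and the stored file never carries the client's name at all, so a truncated name has nothing to act on.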