[Snort-users] CGI Null Byte Attack

Vitaly McLain twistah at ...93...
Mon Nov 20 22:27:24 EST 2000


In short, a "Poison NULL Byte Attack" is when an attacker appends a %00 to a
URL, in order to confuse
a Perl script about where the end of input is (ie to get rid of a file
extension to exploit an open() call, if that makes any sense.)

rain.forrest.puppy described this (and other) attacks in one of his Phrack
articles (I believe it was Phrack #55). It should be either on
phrack.infonexus.com or RFP's site, www.wiretrip.net/rfp

Vitaly McLain
twistah at ...93...
twistah @ OPN & EfNet
"If you don't turn on to politics, politics will turn on you."
       - Ralph Nader




More information about the Snort-users mailing list