null-byte-injection – WindowsTechs.com

Null byte injection using JSON [closed]

Posted on June 24, 2020 by Animesh Bilthare

I’m trying to make a chatroom for my university, It takes username in JSON, and then stores it in an object, then takes it to DB for keeping logs, but the thing is, that object also has a "status" key, whose value is set to guest… Continue reading Null byte injection using JSON [closed]→

null-byte-injection not happening at hackthissite realistic level 14

Posted on May 5, 2019 by user3617992

I’m trying to learn something about hacking and I’ve made it until realistic level 14 at hackthissite.com

I have tried many things until I was frustrated and searched for the first step on the internet. It is suggested to do a null-byte i… Continue reading null-byte-injection not happening at hackthissite realistic level 14→

How can I create a file with a null byte in the filename? [on hold]

Posted on January 15, 2019 by Milk

For a security test, I need to pass a file that contains null characters in it’s content and it’s filename.

For the body content, it’s easy to use printf

$ printf “Hello\00, Null!” > containsnull.txt
$ xxd contains.null… Continue reading How can I create a file with a null byte in the filename? [on hold]→

Pervasive PSQL Injection Login bypass [on hold]

Posted on July 26, 2017 by user2897579

I’ve been previously trying to bypass the login of a friends web application school project with a “simple” SQL-injection.

Bad things:

It’s Black Box. (So no sniffing around in the backend)

I haven’t worked with pervasive PSQL yet.

Good things:

I have managed to tickle the pervasive DB to give me quite some nice information by insertig a null byte in my request.

ERROR: 1104 MSV_Data.MSV_QueryDef Command: SELECT * FROM users WHERE
(login = ‘user\” or true);– ‘ ) Fehler:
Pervasive.Data.SqlClient.Lna.w: [LNA][Pervasive][ODBC Engine
Interface]Syntax Error: SELECT * FROM users WHERE (login = ‘user\” or
true);–<< ??? >> .

So as you can probably see, the null byte was inserted/appended to the end of my query (represented by << ??? >>).
And as you can probably see as well, is that I inserted ” user/’ ” in order to bypass the “escaping method”, which basically prepends a second single quote.

And as you are reading this, no, it didn’t work after leaving out the null byte at the end.

Now my question: Is it possible to bypass this method and do you have any other fancy ideas to try?

PS: I already tried URL encoding, same result.

Continue reading Pervasive PSQL Injection Login bypass [on hold]→

How would someone execute a Perl script on a webpage?

Posted on April 29, 2017 by Keegan Kuhn

OWASP’s XSS Filter Evasion Cheatsheet has a Perl script listed:

perl -e ‘print “<IMG SRC=java\0script:alert(\”XSS\”)>”;’ > out

It also says this above it:

Null chars also work as XSS vectors but not like above, y… Continue reading How would someone execute a Perl script on a webpage?→

Cookie that contains NULL byte character (0x00) on new WordPress.org site – any issues?

Posted on March 3, 2017 by James

I installed NinjaFirewall plugin on WP.org v4.7.2. It locked me out of my site.

They asked for the log from my hosting company’s cPanel, which I got and they report:

You have a cookie that contains the NULL byte character (0x00). That’s
very odd and unusual.

You can log in to WordPress using another browser (or delete your
cookies first), then go to “NinjaFirewall > Firewall Policies >
Various > Block ASCII character 0x00 (NULL byte)” and select “No”.
Then, scroll down to the bottom of the page and click “Save Firewall
Policies”.

This is all new ground for me. Does anyone know if there are any issues I should be aware of?

Continue reading Cookie that contains NULL byte character (0x00) on new WordPress.org site – any issues?→

Cookie that contains NULL byte character (0x00) on new WordPress.org site – any issues?

Posted on March 3, 2017 by James

I installed NinjaFirewall plugin on WP.org v4.7.2. It locked me out of my site.

They asked for the log from my hosting company’s cPanel, which I got and they report:

You have a cookie that contains the NULL byte character (0x00). That’s
very odd and unusual.

You can log in to WordPress using another browser (or delete your
cookies first), then go to “NinjaFirewall > Firewall Policies >
Various > Block ASCII character 0x00 (NULL byte)” and select “No”.
Then, scroll down to the bottom of the page and click “Save Firewall
Policies”.

This is all new ground for me. Does anyone know if there are any issues I should be aware of?

Continue reading Cookie that contains NULL byte character (0x00) on new WordPress.org site – any issues?→

Remote OS command injection – tests

Posted on March 30, 2016 by k1308517

ZAP scanner found Remote OS command injection.

Is there any foolproof way to check if this works and is not a false positive?

I have tried to make it sleep 50 seconds but it’s not something I can visually see, also the pag… Continue reading Remote OS command injection – tests→

Remote OS command injection – tests

Posted on March 30, 2016 by k1308517

ZAP scanner found Remote OS command injection.

Is there any foolproof way to check if this works and is not a false positive?

I have tried to make it sleep 50 seconds but it’s not something I can visually see, also the pag… Continue reading Remote OS command injection – tests→

Printf inject 0x00

Posted on January 22, 2015 by robertkin

When performing a format string exploit, how do you inject an address that contains 0x00?

#include<stdio.h>

int main(int argc,char *argv[])
{
char buf[80];
snprintf(buf, 79, argv[1]);
printf(buf);
}

How would you get … Continue reading Printf inject 0x00→