Many web forums have mushroomed on internet and they are setup in a jiffy,so they wont pay much attention to security. An older exploit I m discussing here is The Null Byte HackNull Byte exploit.Almost all forums include a picture and avatar uploading system where you can upload your user signatures and avatars.At first look it looks like a normal uploading system,but its a way to upload our own files into forum,or to get into admin area and literally “OWN†the forum. However as this hack is outdated as of now,most have deployed some form of input sanitation to prevent such an attack. Nevertheless,thousands of vulnerable forums do exists even now with even some bigger names crossed here.
How to do exploit it?
In order to exploit this vulnerability,you must input “% 00†(with or without space as the case arises).Now a lot of you are probably asking what the heck it is? Ah well..its the encrypted version of NULL .Its just like the same as we used to exploit the null session in Windows systems.
Now,whenever you will upload a file,you will be asked to specify the directory where the file is located.Now as each file has a particular extension,to signify the kind of file it is.Now what if we can input the “% 00†at the end of the file ?
The way most forums keep bad files in control and out of forum is by restricting certain extensions such as .exe . php etc. But if we can modify the file and trick the server into thinking that its something else the..
For Example:
C:\webroot\c99.php% 00.jpg
Now when we do this,The operating system will read the file to be uploaded as a PHP file,but the forum server will read it as a .jpg(image) file.And when this happens,you will exploit it to get and upload your files on server,and if you are a bit creative,can access the admin area too.