Null Byte on Steroids

Submitted by Style Pass, 2025-01-24 09:00:06

Hello, I’m 0xold, a penetration tester who began exploring bug bounty hunting about 8 months ago. Today, I’ll be sharing a couple of vulnerabilities I discovered leveraging null byte injection — exploits that wouldn’t have been possible without this technique. For confidentiality, I’ll refer to all the websites involved as company.com, as I’m not permitted to disclose the actual company names.

A null byte, often represented as ‘\0’, is a special character with a value of zero. In programming, it’s used to indicate the end of a string or data. Null byte injection involves manipulating this character to exploit vulnerabilities in a system.
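The string-termination behaviour described above, shown from the defender's side: a C-style consumer stops reading at the null byte while a higher-level validator sees the whole value, so the check has to reject the byte in every encoding layer. This is an added example, not code from the original post; the allowlisted host, the function names and the sample value are assumptions chosen for illustration.

```python
import ctypes
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"company.com"}  # assumption: the only host a reset link may use

# Constructed sample: a value with an embedded NUL (not taken from the post).
SAMPLE = "https://company.com/reset\x00.other.example"


def c_string_view(value: str) -> str:
    """Return what a NUL-terminated (C-style) consumer would read from value."""
    buf = ctypes.create_string_buffer(value.encode("utf-8"))
    return buf.value.decode("utf-8")  # .value stops at the first NUL


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until stable so %00 and %2500 both surface as a raw NUL."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many layers of percent-encoding")


def validate_callback_url(raw: str) -> str:
    """Reject control characters in any encoding layer, then check scheme and host."""
    decoded = fully_decode(raw)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        raise ValueError("control character in callback URL")
    parts = urlsplit(raw)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("callback URL is not on the allowlist")
    return raw


if __name__ == "__main__":
    print(repr(SAMPLE), "->", repr(c_string_view(SAMPLE)))
    for candidate in ("https://company.com/reset", "https://company.com/reset%00/x"):
        try:
            print("accepted:", validate_callback_url(candidate))
        except ValueError as exc:
            print("rejected:", candidate, "-", exc)
```
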

I was testing this CDN application and decided to test the password reset functionality, and I found a very interesting parameter called callbackUrl.

When I attempted to reset the password, I attempted to append /test at the end of the URL and checked my email, and I got the following URL:
