I've just read the PHP section onhttp://projects.webappsec.org/Null-Byte-Injection.The example it provides is pretty dumb - I mean, why would you ever want to include a file based on an outside param without checking it first (for directory traversal attacks, for one)?So, if following standard PHP security practices, such as
encoding user entered data on display
validating user entered stuff that works with files
preventing CRSF
not running uploads via something that executes PHP
etc
Can anyone provide a real life example or a common mistake of PHP developers where this problem can occur?ThanksUpateI'm trying to make something break, and this what I have tried.\[code\]// $filename is from public$filename = "some_file\0_that_is_bad.jpg";$ext = pathinfo($filename, PATHINFO_EXTENSION);var_dump($filename, $ext);\[/code\]Which outputs\[code\]string(26) "some_file?_that_is_bad.jpg"string(3) "jpg"\[/code\]
