CAPEC-53: Postfix, Null Terminate, and Backslash

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High

Description

If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using an alternate representation of NULL allows an adversary to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.
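The trailing-slash filter described above, next to a validator that canonicalizes before checking, as an added example that is not part of the CAPEC entry. The function names, the decode-round limit and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

MAX_ROUNDS = 5  # assumed bound on nested percent-encoding layers

class RejectedInput(ValueError):
    """Raised when input fails validation."""

def naive_filter(raw: bytes) -> bool:
    # The weak check from the description: only looks for the trailing slash.
    return raw.endswith(b"/")

def canonicalize(raw: bytes) -> bytes:
    # Percent-decode until stable so %00 and %2500 collapse to one form.
    current = raw
    for _ in range(MAX_ROUNDS):
        decoded = unquote_to_bytes(current)
        if decoded == current:
            return current
        current = decoded
    raise RejectedInput("too many encoding layers")

def validate_directory(raw: bytes) -> str:
    canon = canonicalize(raw)
    if b"\x00" in canon:
        raise RejectedInput("embedded NUL")
    try:
        # Strict UTF-8 rejects the overlong NUL form 0xC0 0x80.
        text = canon.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise RejectedInput("invalid UTF-8") from exc
    if not text.endswith("/"):
        raise RejectedInput("missing trailing slash")
    return text

# Constructed sample inputs (not from the CAPEC entry).
SAMPLES = [b"/public/reports/", b"/public/%00/", b"/public/%2500/",
           b"/public/%c0%80/", b"/public/reports"]

def check_samples() -> dict:
    results = {}
    for raw in SAMPLES:
        try:
            verdict = "ok: " + validate_directory(raw)
        except RejectedInput as exc:
            verdict = "rejected: " + str(exc)
        results[raw] = (naive_filter(raw), verdict)
    return results

if __name__ == "__main__":
    for raw, (naive, strict) in check_samples().items():
        print(f"{raw!r:24} naive={naive!s:5} strict={strict}")
```

The postfix check runs last, on the same canonical bytes that are handed to the downstream consumer, so the filter and the consumer cannot disagree about where the string ends.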

Related weaknesses · 7

CWE-158, CWE-172, CWE-173, CWE-74, CWE-20, CWE-697, CWE-707

Related attack patterns · 1

CAPEC-267 (ChildOf)

Exploits · 7

Type | Target | Confidence | Tier
Weakness | Improper Neutralization (cwe-707) | 100% | live
Weakness | Incorrect Comparison (cwe-697) | 100% | live
Weakness | Encoding Error (cwe-172) | 100% | live
Weakness | Improper Input Validation (cwe-20) | 100% | live
Weakness | Improper Handling of Alternate Encoding (cwe-173) | 100% | live
Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (cwe-74) | 100% | live
Weakness | Improper Neutralization of Null Byte or NUL Character (cwe-158) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Embedding NULL Bytes
CAPEC: Using Escaped Slashes in Alternate Encoding
CAPEC: XSS Using Invalid Characters
CAPEC: Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC: Using Slashes in Alternate Encoding
CAPEC: TCP Null Scan

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.