Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
NULL-byte injection vulnerabilities in Microsoft .NET Framework - exploit.company
header-logo
Suggest Exploit
vendor:
.NET Framework
by:
Unknown
7.5
CVSS
HIGH
NULL-byte injection
79
CWE
Product Name: .NET Framework
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:microsoft:.net_framework
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

NULL-byte injection vulnerabilities in Microsoft .NET Framework

The Microsoft .NET Framework is vulnerable to multiple NULL-byte injection vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user-supplied data. An attacker can exploit these vulnerabilities to access sensitive information that may assist in further attacks. Additionally, other types of attacks may also be possible.

Mitigation:

To mitigate these vulnerabilities, it is recommended to apply the latest security patches provided by Microsoft. Additionally, input validation and sanitization should be implemented to prevent NULL-byte injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24791/info

Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data.

An attacker can exploit these issues to access sensitive information that may aid in further attacks; other attacks are also possible. 

http://www.example.com/[path]/somescript.asp%00

Navigation

Suggest Exploit

Services By CQR