header-logo
Suggest Exploit
vendor:
.NET Framework
by:
Unknown
7.5
CVSS
HIGH
NULL-byte injection
79
CWE
Product Name: .NET Framework
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:microsoft:.net_framework
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

NULL-byte injection vulnerabilities in Microsoft .NET Framework

The Microsoft .NET Framework is vulnerable to multiple NULL-byte injection vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user-supplied data. An attacker can exploit these vulnerabilities to access sensitive information that may assist in further attacks. Additionally, other types of attacks may also be possible.

Mitigation:

To mitigate these vulnerabilities, it is recommended to apply the latest security patches provided by Microsoft. Additionally, input validation and sanitization should be implemented to prevent NULL-byte injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24791/info

Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data.

An attacker can exploit these issues to access sensitive information that may aid in further attacks; other attacks are also possible. 

http://www.example.com/[path]/somescript.asp%00

Navigation

Suggest Exploit

Services By CQR