If you do not wish to visit the above, or simply want me to explain more, here you go.
%00 is essentially a terminator; it stops anything else from being done, such as comparisons or file inclusions, and "poisons" the application, causing it to behave in unexpected ways.
Here is another example, taken from hakipedia:
```php
$file = $_GET['file'];
```
Calling the URI "www.example.com/file.php?file=../../../../../etc/passwd%00" would terminate the string, and the .php would not be appended as would be expected.
Because the .php is not appended, the /etc/passwd file, a rather important file on *nix systems, gets included for easy viewing by the attacker.
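As an added example (not part of the original post or of the hakipedia code), here is one way a PHP page could handle the `file` parameter so that the request above is rejected. `resolve_page()` and the temporary directory are hypothetical names used only for the demo.

```php
<?php
// Hypothetical helper: map a user-supplied page name to a script inside
// $baseDir, or return null when the name is not acceptable.
function resolve_page(string $name, string $baseDir): ?string
{
    // 1. Reject the poison byte outright (a decoded %00 arrives as "\0").
    //    PHP 5.3.4 and later refuse filesystem paths containing a NUL byte;
    //    the explicit check keeps the result independent of the runtime.
    if (strpos($name, "\0") !== false) {
        return null;
    }
    // 2. Allow only a plain name: no slashes, dots or other path syntax.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // 3. Resolve the final path and confirm it is still inside the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for the real include directory.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($baseDir);
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'about.php', "<?php echo 'about';\n");

// Constructed sample inputs, including the decoded form of the URI in the post.
$samples = ['about', "../../../../../etc/passwd\0", "about\0", '../about'];
foreach ($samples as $s) {
    $resolved = resolve_page($s, $baseDir);
    printf("%-40s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        $resolved === null ? 'rejected' : 'accepted');
}

// In a real page the include would use only the resolved path:
//   $path = resolve_page($_GET['file'] ?? '', $baseDir);
//   if ($path !== null) { include $path; }
```

Only `about` is accepted; the other three inputs are rejected before any path reaches `include`.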