Thursday, 22 August 2013

The Poison Null Byte aka The Poisoned NUL Byte



There are a number of ways to prevent Poison Null Byte injection in PHP. One is to escape the NUL byte with a backslash; however, the most commonly recommended approach is to remove the byte entirely, using code similar to the following:

$file = str_replace(chr(0), '', $string);

The same approach:

 
$text = str_replace("\0", "", $text);
 
will replace all NUL characters in the $text string. You can also supply arrays for the first two arguments if you want to perform multiple replacements in one call.
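Stripping the byte is only the first step; the name is still user input. The following is an added example in PHP (not code from the original post) that combines the str_replace step with the checks a practitioner would put around it: the function names, the upload directory and the extension whitelist are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Validates a user-supplied
// file name before it reaches a filesystem call, instead of relying on
// NUL-byte removal alone. $uploadDir and the whitelist are assumptions.
declare(strict_types=1);

function sanitizeUploadName(string $name, array $allowedExt): ?string
{
    // 1. Remove embedded NUL bytes, as the post recommends ("\0" === chr(0)).
    $name = str_replace("\0", '', $name);

    // 2. Drop any directory components so path traversal collapses to a bare name.
    $name = basename($name);

    // 3. Accept only "name.ext": one dot, so a stripped "x.php.jpg" is rejected too.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})$/', $name, $m)) {
        return null;
    }
    if (!in_array(strtolower($m[1]), $allowedExt, true)) {
        return null;
    }
    return $name;
}

function safeUploadPath(string $uploadDir, string $userName): ?string
{
    $clean = sanitizeUploadName($userName, ['jpg', 'png', 'gif']);
    if ($clean === null) {
        return null;
    }
    $base = realpath($uploadDir);
    if ($base === false) {
        return null;
    }
    // Final guard: the resolved target must stay inside the upload directory.
    $target = $base . DIRECTORY_SEPARATOR . $clean;
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed inputs: a plain name, a name carrying an embedded NUL byte,
// and a name with a directory component. Each is printed with its verdict.
foreach (["photo.jpg", "notes.php\0.jpg", "../photo.jpg"] as $input) {
    $result = sanitizeUploadName($input, ['jpg', 'png', 'gif']);
    printf("%-20s => %s\n", addcslashes($input, "\0"), $result ?? 'rejected');
}
```

Modern PHP versions refuse paths containing a NUL byte in filesystem functions, but validating the name as above keeps the behaviour explicit and independent of the interpreter version.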
 
 
http://en.wikipedia.org/wiki/Null_character
 
 
Prevent php NULL byte or upload file security hole
 
 ====================================
 1) via .htaccess file
 Put the following in a .htaccess file and
 place it in the appropriate directory
 ====================================
 # Sample '.htaccess' file for 'pub' subdirectory
 
 # Allow all access
 Allow from all
 
 # Deny people from looking at the index and running SSI and CGI
 Options None
 
 # If you have PHP4 or PHP5 installed make sure the directive 
 # below is enabled. If you do not have PHP installed you will 
 # need to comment out the directive below to avoid errors:
 php_flag engine off
 
 # If you have PHP3 installed make sure the directive below is 
 # enabled:
 #php3_engine off
 
 # This line will redefine the mime type for the most common 
 # types of scripts. It will also deliver HTML files as if they 
 # are text files:
 AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
 
 
 ===========================
 2) Via Directory directive 
 ===========================
 
 <DirectoryMatch "/images|/upload|/Upload|/Images">
     # Ignore .htaccess files
     AllowOverride None
 
     # Serve scripts as plaintext
     AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
 
     # Don't run arbitrary PHP code.
     php_admin_flag engine off
 </DirectoryMatch>
 
 
 ==========================
 3) Via Location directive
 ==========================
 
 <LocationMatch "/images|/upload">
     # Ignore .htaccess files
     AllowOverride None
     
     # Serve scripts as plaintext
     AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
     
     # Don't run arbitrary PHP code.
     php_admin_flag engine off
 </LocationMatch>

