Cardboard Iguana Security

/

spells

/

Poison null byte in PHP

Saturday, June 14, 20251 min read

  • AttackCycle/Exploitation/NullByteAttacks
  • Language/PHP

String parsing for PHP < 5.3.4 is susceptible to the poison null byte.

The best way to defend against these attacks is to simply sanitize strings by explicitly removing any null bytes they contain.

$sanitized_string = str_replace(chr(0), '', $original_string);  

Backlinks

  • PHP
  • Poison null byte attack

Graph View

Created with Quartz v4.5.1 © 2025

  • Home
  • Resume
  • Contact
  • RSS Feed