add null byte
jimmywarting opened this issue · 1 comments
jimmywarting commented
Say that you have two files on the disc:
- secret.json
- profile.jpg
The server allows you to read the content of any file ending with jpg, so it is automatically suffixed with +".jpg":
readFile(path + ".jpg")
But if you could trick it, maybe you can get away with reading secret.json if you say that you want to read secret.json\0whatever_not_included
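An added example, not part of the original comment or of the project's code: a check that a server could run on the requested name before the ".jpg" suffix is appended, so a name carrying a NUL byte never reaches the file API. The function names, the allow-list and the sample inputs are assumptions constructed for illustration.

```javascript
// Added illustration: validate a client-supplied name before ".jpg" is appended.
// safeImageName, classify and the samples are hypothetical, constructed for this example.

// Plain file names only: no dots, slashes, percent signs or control characters.
const ALLOWED_NAME = /^[A-Za-z0-9_-]{1,64}$/;

function safeImageName(name) {
  if (typeof name !== "string") {
    return { ok: false, reason: "not-a-string" };
  }
  // A NUL byte terminates the string for C-level file APIs, so a suffix
  // appended after it would be ignored. Report it explicitly so it can be logged.
  if (name.includes("\0")) {
    return { ok: false, reason: "nul-byte" };
  }
  // Everything else that is not a plain name (traversal, encoded bytes,
  // separators, empty input) fails the allow-list.
  if (!ALLOWED_NAME.test(name)) {
    return { ok: false, reason: "disallowed-character" };
  }
  // Only now is the suffix added; the result is safe to pass to readFile.
  return { ok: true, file: name + ".jpg" };
}

// Constructed sample requests, including the one described in the comment above.
const samples = [
  "profile",
  "secret.json\0whatever_not_included",
  "../secret.json",
  "profile%00",
  "",
];

// Maps each request to the file that would be read, or to the rejection reason.
function classify(inputs) {
  return inputs.map((name) => {
    const result = safeImageName(name);
    return result.ok ? result.file : "rejected:" + result.reason;
  });
}

console.log(classify(samples));
```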
GrosSacASac commented
In what environment does that happen?