Ataque contra
servidores web consistente en inyectar caracteres 0x00 en cadenas para
aprovechar que muchos programas desarrollados en C o C++ utilizan dicho
carácter como 'fin de cadena' y no siguen analizando.
An exploitation technique
used to bypass sanity checking filters by adding URL encoded null-byte
characters to user-supplied data. When developers create web applications in a
variety of programming languages, these web applications often pass data to
underlying lower level C-functions for further processing and functionality. If
a user-supplied string contains a null character (0), the web application may
stop processing the string at the point of the null. Null Injection is a form
of a meta-character Injection attack.
http://www.webappsec.org/projects/glossary/