Last post Oct 13, 2014 02:28 AM by Summer - MSFT
Oct 10, 2014 11:51 AM|Pradipta nilav|LINK
Due to security, I have to prevent Null Byte injection & poison null byte file upload.
Oct 13, 2014 02:28 AM|Summer - MSFT|LINK
Hi Pradipta nilav,
Welcome to the ASP.NET forum.
According to your description, if you want to prevent Null Byte injection & poison null byte file upload, my suggestion is you should make some verification in FileUpload control.
I made a test on my web application, please refer to the code below:
protected void Button1_Click(object sender, EventArgs e)
string FilePath = FileUpload1.FileName;
//verify the file whether is exist
//verify the file's type
if (System.IO.Path.GetExtension(FilePath) != ".jpg")
Response.Write("<script>alert('The fiel type not right !')</script>");
Response.Write("<script>alert('The fiel is not exist !')</script>");
If there’s anything else I can do for you on this matter, please feel free to contact me at any time.