Null byte is a bypass technique for sending data that would be filtered otherwise. It relies on injecting the null byte characters (%00, \x00) in the supplied data. Its role is to terminate a string.
Practice
File access restriction by extension
Accessing a file in an application that appends an extension.
Example:
An attacker wants to retrieve the file/etc/passwd but an extension .php is appended automatically such as /etc/passwd.php.
The attacker uses the null byte to terminate the string and throw away the .php extension: /etc/passwd%00
File upload restriction by extension
Uploading a file that is filtered by its extension.
Example:
An attacker wants to upload a malicious.php, but the only extension allowed is .pdf.
The attacker constructs the file name such as malicious.php%00.pdf and uploads the file.
The application reads the .pdf extension, validate the upload, and later throws the end of the string due to the null byte.
