Null Byte Injection
Extension check passed: images/showimage.php .jpg
File not found. But if this were PHP < 5.3.4, null byte would work!
This simulates what happens with null byte:
String before null byte: showimage.php
Extension checked: showimage.php .jpg (ends with .jpg ✓)
Actual file opened: images/showimage.php
Null Byte Test
Old PHP versions (< 5.3.4) truncate strings at null byte (%00).
The extension check sees .jpg but the OS opens file.php
Test payloads: