# Download

we will use a character bypass called "Poison Null Byte". A Poison Null Byte looks like this: *%00*. 

Note: as we can download it using the url, we will need to encode this into a url encoded format.

The Poison Null Byte will now look like this: *%2500.* Adding this and then a **.md** to the end will bypass the 403 error!\
\
![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2Fl7BsfFlC2Q1qehezzp7S%2Fimage.png?alt=media\&token=43b24e21-f34d-40f8-9f2e-80eada9b26a6)\
\
**Why does this work?** 

A Poison Null Byte is actually a NULL terminator. By placing a NULL character in the string at a certain byte, the string will tell the server to terminate at that point, nulling the rest of the string.