White paper covering the topic of upload systems written in ASP. Many upload systems written in ASP suffer from a common problem whereby a NULL byte can be inserted into the filename parameter leading to any extension, after the null byte, being ignored when writing the file. This means that in some cases it is possible to bypass checks for valid extensions, even if one is appended by the application.
You can download it from the following link: https://packetstormsecurity.com/files/download/33777/0x00_vs_ASP_File_Uploads.pdf
Source: https://packetstormsecurity.com/files/33777/0x00_vs_ASP_File_Uploads.pdf.html