What you need to know about Evil-Colon attacks

2022-09-22 05:00

While novel attacks seem to emerge faster than TikTok trends, some warrant action before they've even had a chance to surface.

This is the case for an attack we'll refer to as Evil-Colon, which operates similarly to the now defunct Poison-NULL-Byte attacks.

Though Poison-NULL-Byte attacks are now obsolete, they may have paved the path for new, similar attacks that could wreak havoc in your code if not dealt with properly.

Imagine there is an application deployed on a Windows system that takes user input, doesn't filter for colon characters, and creates a file on a filesystem using that user input.

If you look at the Java application source code, you'll see that the user or malicious actor is able to modify existing files later in the code, which will effectively allow them to modify the ".

In the case of Evil-Colon, the attacker would probably try all code flows, which could lead to path creation with user input that would generate arbitrary file names and could be later exploited for dangerous and malicious actions.

News URL

https://www.helpnetsecurity.com/2022/09/22/evil-colon-attacks/

#attack