payloadbox/csv-injection-payloads

Missing = on CSV injection

alvyn279 opened this issue 3 years ago · 0 comments

alvyn279 commented 3 years ago

csv-injection-payloads/Intruder/csv-payload.txt

Line 1 in 5b11d85

DDE ("cmd";"/C calc";"!A0")A0

Seems like you're missing an = before the DDE command.

Sources:
https://www.whiteoaksecurity.com/blog/2020-4-23-csv-injection-whats-the-risk/
https://blog.securelayer7.net/how-to-perform-csv-excel-macro-injection/
https://www.contextis.com/us/blog/comma-separated-vulnerabilities