CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or LibreOffice Calc is used to open a CSV, any cells starting with ‘=’ will be interpreted by the software as a formula. Maliciously crafted formulas can be used for three key attacks:
A short time ago, I had to set up a private Burp Collaborator Server to avoid possible leaks of my client's sensitive information. I want to clarify that this guide is based on the one written by Fabio Pires; all credit is his.
If you work with Burp and do not know what Collaborator is, please check this documentation first.
Deploy a Linux machine on Azure and open the following ports. I have used an Ubuntu Server 18.04. …
👋 Hi again, guys
Lately, I have been dedicating what little free time I have to auditing open source software, mainly web-based projects.
This time, I want to share with you some Cross-Site Request Forgery (CSRF) vulnerabilities that I found in the open source software PHP Server Monitor 3.3.1. I hope to share more with you in the future.
Cross-Site Request Forgery is a type of malicious technique where unauthorized commands are transmitted from a user that the web application trusts.
Therefore, if we get a user of the application to execute a payload previously prepared by us, we will successfully exploit this vulnerability. …