CWE-1236: Improper Neutralization of Formula Elements in a CSV File #2327

Open
0x30Rizk opened this issue Aug 5, 2022 · 0 comments
Labels
bug Something isn't working

0x30Rizk commented Aug 5, 2022

Describe the bug you encountered
webcute v3.2.2
CSV injection exists on these pages:
[Home / Admin / Resources] page
[Home / Admin / System Params] page
[Home / Design / Basekey Configuration] page

How to reproduce
Input
=10+20+cmd|' /C calc'!A0
then export the CSV and open it on a Windows system.

Expected behavior
The calc.exe program pops up.

Screenshots
01
02

Additional context

@0x30Rizk 0x30Rizk added the bug Something isn't working label Aug 5, 2022