Home About Archives Search Feed

The Absurdly Underestimated Dangers of CSV Injection

🔒 georgemauer.net

Interesting writeup on injecting formulas into CSV data to affect the behavior of the software that is reading the CSV. This example uses the preference that spreadsheets have to interpret formulas embedded in CSV files. Security risks like this can be surprising, even to very technical people, since the data isn’t an executable itself.

Posted on October 10, 2017

← Next post    ·    Previous post →