bypass to csv injection
Unknown
Vulnerability Details
Hi Ian,
I would like to add payload to this report #151516.
payload used:
http://google.com?,=2+2-2+3+cmd|' /C calc'!G2
When injecting https://google.com? it will be rendered as a link but when comma (,) it will be rendered in a new cell which will execute the command.
Thanks,
Actions
View on HackerOneReport Stats
- Report ID: 161290
- State: Closed
- Substate: not-applicable
- Upvotes: 1