excel   34391

The Absurdly Underestimated Dangers of CSV Injection
I’ve been doing the local usergroup circuit with this lately and have been asked to write it up.

In some ways this is old news, but in other ways…well, I think few realize how absolutely devastating and omnipresent this vulnerability can be. It is an attack vector available in every application I’ve ever seen that takes user input and allows administrators to bulk export to CSV.

That is just about every application.

Edit: Credit where due, I’ve been pointed to this article from 2014 by an actual security pro which discusses some of these vectors. And another one.

So let’s set the scene - imagine a time or ticket tracking app. Users enter their time (or tickets) but cannot view those of other users. A site administrator then comes along and exports entries to a CSV file, opening it up in a spreadsheet application. Pretty standard stuff.
security  excel  spreadsheets  netsec 
yesterday by danwin
RT : Data disaster no match for Power Query in !
Excel  from twitter_favs
2 days ago by dtomoff
