All articles tagged as:

csv

From CSV to Meterpreter

As many of you have probably seen, last year Context published research into spreadsheet applications such as Excel which render CSV files (and their embedded formula) when opened. If you haven't, I suggest stopping and reading http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/ Many web applications provide a user with an option to export data to a CSV file format, and when the data can be influenced by an attacker (registration names, analytics etc), you are facing a potentially dangerous combination. To highlight the risk of such a vulnerability, sometimes popping calc.…

Read more »