CSV Formula Injection
Another common security issue which is found these days is CSV injection(CSV - Comma Separated Value). Recently I came across a web application which had this bug and I could not stop myself from writing this blogpost.
Approach
What made me to test CSV Injection
Below are few features which made me think to test for CSV injection issue
- Export Functionality in the web application
- Export as CSV format
- User input being exported into the CSV
Pankaj Mouriya
Security, Platform Engineering | CKA | AWS Certified Security - Specialty
I Workout, Diving Deep into K8s, AWS Security My Specialty, Find Bugs in Web Applications and drink lots of coffee.