CSV Formula Injection
Another common security issue which is found these days is CSV injection(CSV - Comma Separated Value). Recently I came across a web application which had this bug and I could not stop myself from writing this blogpost.
What made me to test CSV Injection
Below are few features which made me think to test for CSV injection issue
- Export Functionality in the web application
- Export as CSV format
- User input being exported into the CSV