The Absurdly Underestimated Dangers of CSV Injection
Hey, just for fun let’s try something, let’s modify our CSV file to the following
UserId,BillToDate,ProjectName,Description,DurationMinutes <span class="hljs-number">1</span>,<span class="hljs-number">2017</span>-<span class="hljs-number">07</span>-<span class="hljs-number">25</span>,Test Project,Flipped the jibbet,<span class="hljs-number">60</span> <span class="hljs-number">2</span>,<span class="hljs-number">2017</span>-<span class="hljs-number">07</span>-<span class="hljs-number">25</span>,Important Client,<span class="hljs-string">"Bop, dop, and giglip"</span>, <span class="hljs-number">240</span> <span class="hljs-number">2</span>,<span class="hljs-number">2017</span>-<span class="hljs-number">07</span>-<span class="hljs-number">25</span>,Important Client,<span class="hljs-string">"=2+5"</span>, <span class="hljs-number">240</span>