There was a section where a customer can upload data in bulk through a CSV file.
This section caught my eye, as later on the uploaded data were meant for the back-end team, who can export it as an Excel file.
Since the Excel file is exported from the domain itself, the trust factor for the file would obviously be high, so if by chance an attacker could infect those Excel files in such a way that they execute some remote code on the client side, then needless to say the back-end system can easily be compromised.
So I thought to upload an injected CSV file, but to my woes the file was well handled by the policies set on the server side. My reaction at that time was
So I started fiddling with the file upload types allowed by the server. Though only CSV was mentioned, to my luck I found that text files are allowed. I just uploaded a text file and it went through.
As the file was still being exported as Excel, I thought to make a simple injection like
=-2+3+sum(1,10) in my text file and uploaded it to the server. When I exported the file (Excel), it was time to see how it looks.
Voila!! That means it can be used to infect the internal system, as a user-cum-attacker can write small macro code in a text file to infect the internal system.
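The two server-side checks that close this gap, as an added example that is not part of the original post or the affected application: inspect uploaded content regardless of the file type, and neutralize formula-like cells at export time. The function names and the sample upload are assumptions; the trigger characters and the apostrophe prefix follow OWASP's CSV injection guidance.

```python
import csv
import io
import re

# Leading characters that make a spreadsheet evaluate a cell as a formula
# (the set listed in OWASP's CSV injection guidance).
FORMULA_PREFIXES = ("=", "+", "-", "@")
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def is_formula_like(cell):
    """True if a spreadsheet would evaluate the cell rather than display it."""
    if PLAIN_NUMBER.fullmatch(cell.strip()):
        return False  # "-5" or "+3.2" is ordinary data, not a formula
    return (cell.startswith(("\t", "\r"))
            or cell.lstrip().startswith(FORMULA_PREFIXES))


def neutralize(cell):
    """Prefix formula-like cells with an apostrophe so they render as text."""
    return "'" + cell if is_formula_like(cell) else cell


def find_formula_cells(upload_text):
    """Upload-side check on the content, whatever extension the file has."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(upload_text)), start=1):
        hits += [(r, c, v) for c, v in enumerate(row, start=1)
                 if is_formula_like(v)]
    return hits


def export_csv(rows):
    """Export-side defence: neutralize and quote every cell before writing."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(str(v)) for v in row])
    return out.getvalue()


# Constructed sample: a text upload carrying the formula from the post.
SAMPLE_UPLOAD = 'name,amount,note\nalice,-5,ok\nbob,10,"=-2+3+sum(1,10)"\n'

if __name__ == "__main__":
    print(find_formula_cells(SAMPLE_UPLOAD))
    print(export_csv(csv.reader(io.StringIO(SAMPLE_UPLOAD))))
```

Applying `neutralize` at export matters even when uploads are filtered, because the exported file is what the back-end team opens and trusts.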
That's all for now.. I will get back to you with some interesting findings or stuff... till then, signing off!!