2dbd546dde
3 changes to exploits/shellcodes WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Kimai 1.14 - CSV Injection Montiorr 1.7.6m - File Upload to XSS
20 lines
No EOL
846 B
Text
20 lines
No EOL
846 B
Text
# Exploit Title: Kimai 1.14 - CSV Injection
|
|
# Date: 26/04/2021
|
|
# Exploit Author: Mohammed Aloraimi
|
|
# Vendor Homepage: https://www.kimai.org/
|
|
# Software Link: https://github.com/kevinpapst/kimai2
|
|
# Version: 1.14 <https://github.com/kevinpapst/kimai2/releases/tag/1.14>
|
|
# Payload: @SUM(1+9)*cmd|' /C calc'!A0
|
|
# Tested on: Win10x64
|
|
# Proof Of Concept:
|
|
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in
|
|
creating new timesheet in Kimai. By filling the Description field with malicious
|
|
payload, it will be mistreated while exporting to a CSV file.
|
|
|
|
To exploit this vulnerability:
|
|
1- Login as user.
|
|
2- Create new timesheet.
|
|
3- Fill the description with the malicious payload.
|
|
4- Save the timesheet.
|
|
5- Export it via CSV.
|
|
6- Open the CSV file, allow all popups and our payload is executed(calculator is opened). |