@senzee1984
Created July 12, 2023 23:15
atlos_cve_referrence

Product: Atlos

Vendor: https://atlos.org/

Affected Version(s): 1.0

CVE ID: TBD

Description: CSV Injection in the Project Export functionality of Atlos 1.0 allows attackers to gain client-side code execution by creating an incident with a malicious Description.

Vulnerability Type: CSV Injection

Root Cause: User input is not sanitized against CSV injection when a new incident is created.

Impact: An authenticated attacker may be able to gain client-side code execution against other Atlos users.

PoC:

  1. Sign in to the Atlos application; no elevated privilege is required.
  2. Create a new project, or select an existing project to which the attacker has access.
  3. Create a new incident and set its Description field to a CSV injection payload, for instance: =10+20+cmd|' /C calc'!A0
  4. Invite users to this project.
  5. When any user exports the project and opens the CSV file, client-side code execution may occur.
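As an added mitigation example (not part of this advisory and not Atlos's own code), the following Python helper neutralizes formula triggers in every cell before a CSV export is written, and is run here against constructed incident rows that include the payload quoted in step 3; `export_incidents` and the field names are hypothetical.

```python
import csv
import io

# Characters that make a spreadsheet application interpret a cell as a
# formula (or a DDE request such as cmd|'...'!A0) instead of plain text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def sanitize_csv_cell(value) -> str:
    """Neutralize a single cell value before it reaches the CSV writer.

    If the first non-blank character is a formula trigger, prefix the cell
    with a single quote so spreadsheet applications treat it as text.
    Leading whitespace is inspected but preserved.
    """
    text = "" if value is None else str(value)
    if text.lstrip().startswith(FORMULA_TRIGGERS):
        text = "'" + text
    return text


def export_incidents(rows, fieldnames):
    """Write incident dicts to a CSV string with every cell sanitized.

    QUOTE_ALL wraps each cell in double quotes (doubling any embedded
    quotes), so delimiters or newlines inside a cell cannot start a new
    field or record.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL, lineterminator="\n"
    )
    writer.writeheader()
    for row in rows:
        writer.writerow({k: sanitize_csv_cell(row.get(k)) for k in fieldnames})
    return buf.getvalue()


# Constructed sample data, not real Atlos records.
SAMPLE_INCIDENTS = [
    {"id": 1, "description": "Shelling reported near the market"},
    {"id": 2, "description": "=10+20+cmd|' /C calc'!A0"},  # payload from the PoC
    {"id": 3, "description": "  @SUM(1,1)"},  # trigger hidden behind whitespace
]

if __name__ == "__main__":
    print(export_incidents(SAMPLE_INCIDENTS, ["id", "description"]))
```

The leading apostrophe remains visible when the export is opened, and legitimate values that start with "-" (negative numbers) are prefixed as well; this is the accepted trade-off of the quote-prefix mitigation.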