Formula Injection (or Spreadsheet Formula Injection) vulnerability affects applications that export spreadsheet files which are dynamically constructed from inadequately validated input data. Many modern web applications and frameworks offer spreadsheet export functionality, allowing users to download data in a .csv or .xls file suitable for handling in spreadsheet applications like Microsoft Excel and OpenOffice Calc. The resulting spreadsheet’s cells often contain input from untrusted sources such as survey responses, transaction details, and user-supplied addresses. Once injected, it affects application end-users that access the application exported spreadsheet files. Successful exploitation can lead to impacts such as client-sided command injection, code execution or remote ex-filtration of contained confidential data


Chirag Savla


Starts at Saturday August 13 2016, 12:30 PM. The sessions runs for about 1 hour.