Skip to content

Latest commit

 

History

History
16 lines (14 loc) · 1.31 KB

File metadata and controls

16 lines (14 loc) · 1.31 KB

Stirling-PDF v1.3.2 - CSV Formula Injection

Summary

CSV Formula Injection in Stirling-PDF v1.3.2: when converting PDF content to CSV the application does not neutralize cell values that begin with characters treated as formulas by spreadsheet software (for example =, +, -, @). A malicious PDF (or PDF containing attacker-controlled metadata) can inject spreadsheet formulas into exported CSVs; when a user opens that CSV in Excel/LibreOffice the formula is evaluated in the user’s spreadsheet context.

PoC

Prepare a crafted CSV file, then export it to pdf. image Navigate to "PDF to CSV" function, upload the exported pdf. image Extract it. image Open the downloaded file. image Formula triggered. image