When a spreadsheet program such as Microsoft Excel or LibreOffice Calc
is used to open a CSV, any cells starting with '=' will be interpreted
by the software as a formula. Maliciously crafted formulas can be used
for three key attacks:
You can prevent this attack by:
This attack is difficult to mitigate, and explicitly disallowed from
quite a few bug bounty programs. To remediate it, ensure that no cells
begin with any of the following characters:
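Take a look at the definition of CSV injection (this link can be found in your SO link): https://www.owasp.org/index.php/CSV_Injection
In short:
You can prevent this attack by:
I don't know how to use ClamAV, because I don't use it, but you can write a small Python function that reads the file and makes sure that no cell starts with any of the characters above.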
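
One way to write the small Python check suggested above, as an added example that is not part of the original answer. The function names and the sample data are hypothetical, and because the page's character list did not survive (it names only '='), the trigger set is assumed from the OWASP CSV Injection guidance.

```python
import csv
import io

# Assumption: trigger characters from the OWASP CSV Injection guidance; the
# page itself names only '=' and its own character list is missing.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_risky(cell: str) -> bool:
    """True if the cell starts with a character a spreadsheet may evaluate."""
    return cell.startswith(FORMULA_TRIGGERS)


def find_risky_cells(stream):
    """Return (row, column, value) for every cell that starts with a trigger.

    Rows and columns are 1-based. csv.reader is used instead of str.split so
    that quoted fields with embedded commas or newlines are parsed correctly.
    """
    hits = []
    for row_no, row in enumerate(csv.reader(stream), start=1):
        for col_no, cell in enumerate(row, start=1):
            if is_risky(cell):
                hits.append((row_no, col_no, cell))
    return hits


def scan_file(path: str, encoding: str = "utf-8-sig"):
    """Scan a CSV file on disk; utf-8-sig drops a BOM that would otherwise
    sit in front of the first cell and hide its leading character."""
    with open(path, newline="", encoding=encoding) as handle:
        return find_risky_cells(handle)


# Constructed sample input (not from the page).
SAMPLE = (
    'name,amount,note\r\n'
    'alice,-12.50,"refund, partial"\r\n'
    'bob,100,"=SUM(A1:A2)"\r\n'
    'carol,+5,@handle\r\n'
    'dave,7,plain text\r\n'
)

if __name__ == "__main__":
    for row, col, value in find_risky_cells(io.StringIO(SAMPLE, newline="")):
        print(f"row {row}, column {col}: {value!r}")
```

Under this strict rule a legitimate negative number such as `-12.50` is reported too, so the caller has to decide whether to reject the file or review the flagged cells.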