Setup Home Instructions Setup / Reset
Attacks SQL Injection SQL Injection (Blind) OS Command Injection XPATH Injection Formula Injection PHP Object Injection Unrestricted File Upload XSS - Reflected XSS - Stored XSS - DOM Based SSRF / XSPA File Inclusion Session Flaws Insecure Direct Object Reference Missing Functional Access Control CSRF Cryptography Redirects & Forwards Server Side Template Injection

CSV Formula Injection

CSV Formula injection is also known as CSV Excel Macro Injection. This happens when the application does not validate the content of CSV file. Applications that allows to export/download data in CSV or excel format usually vulnerable to such attacks.

Read more about CVS Formula Injection
https://www.owasp.org/index.php/CSV_Excel_Macro_Injection

Hint: Find a way to create or update am item with your payload


Item CodeItem NameCategoryPrice
XVWA0987AffogatoEspresso,Vanilla Gelato$4.69
XVWA3876AmericanoEspresso$5
XVWA4589BicerinEspresso, Chocolate, Milk$8.9
XVWA7619Café BombónEspresso, Sweetened Milk$7.08
XVWA5642Café au laitCoffee, Milk$10.15
XVWA7569Caffé correttoEspresso, Liquor Shot$6.01
XVWA3671Caffé latteEspresso, Milk$6.04
XVWA1672Café mélangeWhite Creame$3.06
XVWA4276Cafe mochaLatte, Chocolate$4.05
XVWA9680CappuccinoEspresso, Milk$3.06