Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
描述您遇到的bug webcute v3.2.2 在這些page上存在CSV injection [Home / Admin / Resources] page [Home / Admin / System Params] page [Home / Design / Basekey Configuration] page
如何重现 input =10+20+cmd|' /C calc'!A0 並export csv出來,在使用windows系統開啟
=10+20+cmd|' /C calc'!A0
预期行为 跳出程式calc.exe
截图
附加
The text was updated successfully, but these errors were encountered:
No branches or pull requests
描述您遇到的bug
webcute v3.2.2
在這些page上存在CSV injection
[Home / Admin / Resources] page
[Home / Admin / System Params] page
[Home / Design / Basekey Configuration] page
如何重现
input
=10+20+cmd|' /C calc'!A0並export csv出來,在使用windows系統開啟
预期行为
跳出程式calc.exe
截图


附加
The text was updated successfully, but these errors were encountered: