Bishop Fox Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats


Subscribe to Blog via Email

Popular Posts:

Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution

Over the past year, I came across two server-side attack vectors based on CSV injection (explained well here). The first case shows an instance of data exfiltration via Google Sheets Injection, while the second case demonstrates a path from formula injection to remote code execution.