
CVE-2022-44830 PoC — Event Registration App security vulnerability

Source
Associated Vulnerability
Title: Event Registration App security vulnerability (CVE-2022-44830)
Description: Event Registration App is a JavaScript application for registering event participants, written by the individual developer Carlo Montero. Event Registration App v1.0 contains a security vulnerability: CSV injection via the First Name, Contact and Remarks fields, which allows attackers to execute arbitrary code via a crafted Excel file.
Readme
> [Suggested description]
> Sourcecodester Event Registration App v1.0 was discovered to contain
> multiple CSV injection vulnerabilities via the First Name, Contact and
> Remarks fields. These vulnerabilities allow attackers to execute
> arbitrary code via a crafted excel file.
>
> ------------------------------------------
>
> [Additional Information]
> Proof of Concept: https://drive.google.com/file/d/17rSb8GLFPQfqnVFI56AYffbVMDg8z75t/view?usp=sharing
> Vendor Homepage: https://www.sourcecodester.com/javascript/15214/event-registration-app-export-csv-javascript-free-source-code.html
> Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/registration.zip
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> CSV Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> Sourcecodester
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Event Registration App with Export to CSV in JavaScript - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> Source Code
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> In order to exploit this vulnerability, the attacker needs to insert an Excel formula into the First Name, Contact, and Remarks fields, then click Save, then click Export to CSV, and then open the downloaded CSV in Excel. Once the attacker opens the downloaded CSV file in Excel, the payload will execute.
>
> ------------------------------------------
>
> [Reference]
> https://drive.google.com/file/d/17rSb8GLFPQfqnVFI56AYffbVMDg8z75t/view?usp=sharing
> https://www.sourcecodester.com/javascript/15214/event-registration-app-export-csv-javascript-free-source-code.html
> https://www.sourcecodester.com/sites/default/files/download/oretnom23/registration.zip
>
> ------------------------------------------
>
> [Discoverer]
> RashidKhan Pathan
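
As an added defender-side example (not the vendor's code), the export-side mitigation for this class of bug in JavaScript: any cell whose first character could start a spreadsheet formula is prefixed with an apostrophe, and every cell is quoted so embedded commas, quotes and newlines cannot break the record. The record field names and the sample records are assumptions for illustration.

```javascript
// Added example (not the vendor's code): neutralise CSV/formula injection
// when exporting user-supplied registration fields (First Name, Contact,
// Remarks) to CSV. Spreadsheet applications interpret a cell beginning
// with '=', '+', '-', '@', tab or carriage return as a formula, so the
// exporter defangs such cells before writing them out.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

// Escape one cell for RFC 4180-style CSV and defang formula triggers.
function escapeCsvCell(value) {
  let text = value === null || value === undefined ? '' : String(value);
  if (text.length > 0 && FORMULA_TRIGGERS.has(text[0])) {
    // A leading apostrophe forces the spreadsheet to treat the cell as text.
    text = "'" + text;
  }
  // Always quote, doubling embedded quotes, so the cell cannot inject
  // extra fields or rows.
  return '"' + text.replace(/"/g, '""') + '"';
}

// Build a CSV document from registration records (field names assumed).
function registrationsToCsv(records) {
  const header = ['First Name', 'Contact', 'Remarks'];
  const lines = [header.map(escapeCsvCell).join(',')];
  for (const r of records) {
    lines.push([r.firstName, r.contact, r.remarks].map(escapeCsvCell).join(','));
  }
  return lines.join('\r\n');
}

// Constructed sample input: one benign record and one whose fields all
// begin with formula-trigger characters.
const SAMPLE_RECORDS = [
  { firstName: 'Alice', contact: '+1 555 0100', remarks: 'Needs a vegetarian meal' },
  { firstName: '=1+1', contact: '@mention', remarks: '-1' },
];
```

The tradeoff is visible in the sample: a legitimate phone number starting with "+" is also prefixed, which is why the apostrophe is applied at export time rather than stored in the database.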

File Snapshot

[4.0K] /data/pocs/638e9806722329d4669a9f2e3383bcf7cec82d7a
└── [2.0K] README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.