# CVE-2023-36250
A CSV injection vulnerability in GNOME time tracker version 3.0.2 allows local attackers to execute arbitrary code via a crafted .tsv file when creating a new record.
## Vulnerability Type
CSV Injection
## Discoverer
Bruno Teixeira
## Reference
http://gnome.com
## Affected Product Code Base
GNOME time tracker v3.0.2
## PoC
Creating a new record with a formula (=3+3) in the cmdline field makes it possible to inject formulas into the file produced when exporting to .tsv.
When someone then opens this .tsv file, the spreadsheet software treats the cell as a valid formula and executes it.
Note that this is just a sum operation, but it's possible to load software that resides on the victim machine, or even create a malicious hyperlink.
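
A mitigation sketch for the export path described above, added here as an example and not taken from the project's code: each cell is neutralized before it is written to the .tsv. The function and field names (`neutralize_cell`, `export_tsv`, `duration_minutes`) are assumptions, and the sample records are constructed.

```python
import csv
import io

# Leading characters that spreadsheet software may treat as the start of a
# formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _is_plain_number(text):
    """True for values such as -15 or +2.5 that are data, not formulas."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def neutralize_cell(value):
    """Return the cell as text that a spreadsheet will not evaluate."""
    text = "" if value is None else str(value)
    # Leading spaces are skipped for the check only; the value is kept intact.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS) and not _is_plain_number(text):
        # A leading apostrophe forces the cell to be read as literal text
        # (some applications display the apostrophe itself).
        return "'" + text
    return text


def export_tsv(records, fieldnames):
    """Serialize records (dicts) to TSV, neutralizing every cell."""
    buf = io.StringIO()
    writer = csv.writer(buf, delimiter="\t", lineterminator="\n")
    writer.writerow(fieldnames)
    for rec in records:
        writer.writerow([neutralize_cell(rec.get(name)) for name in fieldnames])
    return buf.getvalue()


# Constructed sample records; the first mirrors the PoC input in this README.
SAMPLE_RECORDS = [
    {"cmdline": "=3+3", "duration_minutes": 30},
    {"cmdline": "writing report", "duration_minutes": -15},
]

if __name__ == "__main__":
    print(export_tsv(SAMPLE_RECORDS, ["cmdline", "duration_minutes"]))
```
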

