So, I am working on something and I wanted to know any ideas on how and what kind of vulnerabilities I can add to a CSV parsing .NET app on the client side before I move on to the server side. So basically there needs to be a vulnerability in the parsing logic of the code which can be exploited by opening it in dotpeek. So I wanted some ideas on how to do so. Right now I am at a point where the app can create csv files based on the things we give in the code*(I give the elements in the code)*, and it can also read a csv file, but the problem is for reading csv file the number of "elements" in the csv files should be known. So I needed some ideas for the vulnerability as mentioned above.
How to add vulnerability to client side of .NET app which parses CSV files
141 Views Asked by Sai Ganesh K At
1
There are 1 best solutions below
Related Questions in C#
- Jruby: How to use third party java library?
- How do I update create route from rails 3 to 4
- Can't update user in Ruby on Rails
- Rails Ancestry. How can I display a single comment with all its descendants?
- LinkedIn API returns Positions without Title
- Catch emails to all [email protected], and execute code
- Cannot run elastic search in circleci to make my rspec for elasticsearch to pass?
- How do I clear values from text_field_tag after browser refresh?
- Rails submit create action succeeding
- f.select with enum in rails 3
Related Questions in .NET
- Jruby: How to use third party java library?
- How do I update create route from rails 3 to 4
- Can't update user in Ruby on Rails
- Rails Ancestry. How can I display a single comment with all its descendants?
- LinkedIn API returns Positions without Title
- Catch emails to all [email protected], and execute code
- Cannot run elastic search in circleci to make my rspec for elasticsearch to pass?
- How do I clear values from text_field_tag after browser refresh?
- Rails submit create action succeeding
- f.select with enum in rails 3
Related Questions in CSV
- Jruby: How to use third party java library?
- How do I update create route from rails 3 to 4
- Can't update user in Ruby on Rails
- Rails Ancestry. How can I display a single comment with all its descendants?
- LinkedIn API returns Positions without Title
- Catch emails to all [email protected], and execute code
- Cannot run elastic search in circleci to make my rspec for elasticsearch to pass?
- How do I clear values from text_field_tag after browser refresh?
- Rails submit create action succeeding
- f.select with enum in rails 3
Related Questions in CSVHELPER
- Jruby: How to use third party java library?
- How do I update create route from rails 3 to 4
- Can't update user in Ruby on Rails
- Rails Ancestry. How can I display a single comment with all its descendants?
- LinkedIn API returns Positions without Title
- Catch emails to all [email protected], and execute code
- Cannot run elastic search in circleci to make my rspec for elasticsearch to pass?
- How do I clear values from text_field_tag after browser refresh?
- Rails submit create action succeeding
- f.select with enum in rails 3
Related Questions in DOTPEEK
- Jruby: How to use third party java library?
- How do I update create route from rails 3 to 4
- Can't update user in Ruby on Rails
- Rails Ancestry. How can I display a single comment with all its descendants?
- LinkedIn API returns Positions without Title
- Catch emails to all [email protected], and execute code
- Cannot run elastic search in circleci to make my rspec for elasticsearch to pass?
- How do I clear values from text_field_tag after browser refresh?
- Rails submit create action succeeding
- f.select with enum in rails 3
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
DotPeakessentially may retrieve everything since it decompiles the code.If you want it to be harder use an
obfuscatorwhich guards better against decompilation.One common vulnerability of this is to save
hardcodedsecurity information.Such as db keys, server authentications, user/passwords, etc...
Another classic vulnerability is to read
Env variable- so you can add the written CSV file path as anenv variable.You can also add something that will reveal more secret information, for example a configuration key that reveal another header in the CSV if turned on.
Please add more about this exercise, what kind of level are you aiming for, what kind of attacks are you simulating?