So, I am working on something and I wanted to know any ideas on how and what kind of vulnerabilities I can add to a CSV parsing .NET app on the client side before I move on to the server side. So basically there needs to be a vulnerability in the parsing logic of the code which can be exploited by opening it in dotpeek. So I wanted some ideas on how to do so. Right now I am at a point where the app can create csv files based on the things we give in the code*(I give the elements in the code)*, and it can also read a csv file, but the problem is for reading csv file the number of "elements" in the csv files should be known. So I needed some ideas for the vulnerability as mentioned above.
How to add vulnerability to client side of .NET app which parses CSV files
161 Views Asked by Sai Ganesh K At
1
There are 1 best solutions below
Related Questions in C#
- Passing arguments to main in C using Eclipse
- kernel module does not print packet info
- error C2016 (C requires that a struct or union has at least one member) and structs typedefs
- Drawing with ncurses, sockets and fork
- How to catch delay-import dll errors (missing dll or symbol) in MinGW(-w64)?
- Configured TTL for A record(s) backing CNAME records
- Allocating memory for pointers inside structures in functions
- Finding articulation point of undirected graph by DFS
- C first fgets() is being skipped while the second runs
- C std library don't appear to be linked in object file
- gcc static library compilation
- How to do a case-insensitive string comparison?
- C programming: Create and write 2D array of files as function
- How to read a file then store to array and then print?
- Function timeouts in C and thread
Related Questions in .NET
- Does compiler optimize operation on const variable and literal const number?
- What is the point of definnig Asp.net Intrinsic Objects In different places and what is the different betwen them?
- Deleting Orphans with Fluent NHibernate
- IOrderedEnumerable to vb.net IOrderedEnumerable Conversion
- What is this namespace ITypeOfObjectsBoundToListBox ? Couldn't find it
- .net rest service with JSON string and consumed with java client
- What is best way to check if any of the property of object is null or empty?
- Telerik's WPF RadColorPicker NoColorText property not working
- Possible consequences of duplicate ProgId for different classes
- How are multiple requests to Task.Run handled from a resource management standpoint?
- Optimizing C++ call from C#
- Make a per-web-application object available to Web API and SignalR controllers
- System.ComponentModel.DataAnnotations.Schema namespace conflict
- LINQ Except/Distinct based on few columns only, to not add duplicates
- Not displaying content by its URL string - absolute urls
Related Questions in CSV
- CSV to XML XSLT: How to quote excape
- Django invalid literal for int() with base 10:
- PHPExcel date formatting in strange numbers
- TextToColumns function uses wrong delimiter
- How to find specific row in Python CSV module
- Read geoip data from database or binary file. Which is faster?
- How to fill new columns in a csv file through command line
- Summing a csv column in Python; issues with integers and strings
- How do I remove the extra commas and get the correct format of output csv file
- CSV(having extra quotes in field value) to array in ColdFusion
- Issue with Outputting data from CSV File
- Select set of all values stored in a VARCHAR based CSV field
- CSV displaying wrong in mac
- How to use Papa Parse for javascript csv parsing
- MSSQL Bulk Insert CSV - Multiple columns include commas
Related Questions in CSVHELPER
- Mapping an IEnumerable property with CSVHelper
- Reading only headers from csv
- How to convert empty string to null while reading CSV records?
- Parsing csv records depending upon field values seperation
- CsvHelper Parser.Read() not splitting columns
- How do you ignore Whitespace when using CsvHelper, CsvReader.Read()?
- Wrong byte-length when using csvhelper and memorystream
- Is is possible to serialize fields (not just properties) with CsvHelper?
- Adding detectable Nullable values to CsvHelper
- Csvhelper - read / get a single column of all rows?
- CsvHelper creating blank files
- Why my csv file doesn't pass the internal CSVHelper test?
- csvhelper mapping a field from a different item in the row
- Error when read text from .csv fie in c# by using CsvHelper
- CSVHelper cannot convert empty float values to string
Related Questions in DOTPEEK
- .NET decompiled assembly has an '&' after the type producing build error
- Is Jetbrains dotPeek giving me a warning about my code?
- How to create whole solution from published files of an asp.net core 3.1 project?
- What does it mean in terms of C#?
- Dotpeek recompile decompiled files
- System.Linq.Queryable.dll cannot be Decompiled
- How I can see the Async state machine (async/await under the hood) with the help of DotPeek?
- JetBrains dotPeek IDE unable to decompile code for Entity Framework select statement
- DotPeek: cannot see compiler-generated code
- Debugging an obfuscated .NET core application with DotPeek
- Using dotPeek, I would like to see the full structure of the UnityEngine namespace
- Full of hex codes in ILSpy, dNSpy, dotPeek
- Remove Header from DotPeek files
- How to add vulnerability to client side of .NET app which parses CSV files
- dotPeek - Export of .NET Core .dll to .csproj produces a .NET Framework application
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
DotPeakessentially may retrieve everything since it decompiles the code.If you want it to be harder use an
obfuscatorwhich guards better against decompilation.One common vulnerability of this is to save
hardcodedsecurity information.Such as db keys, server authentications, user/passwords, etc...
Another classic vulnerability is to read
Env variable- so you can add the written CSV file path as anenv variable.You can also add something that will reveal more secret information, for example a configuration key that reveal another header in the CSV if turned on.
Please add more about this exercise, what kind of level are you aiming for, what kind of attacks are you simulating?