Questions tagged [csv]

Comma-separated values (CSV) is a basic file format for storing row-column data. Use this tag for security issues relating to the format itself, or where the fact that the data is CSV-formatted is core to the question.

While conceptually easy to explain and implement, CSV nonetheless has a full specification in RFC 4180.

6 questions
11 votes, 2 answers

Can a CSV contain malicious code?

I am working with a system that allows users to upload CSV files that are downloaded by other users. The system validates (amongst other things) that all CSV files can be parsed by an RFC 4180 compliant parser, and are valid UTF-8. It ensures that…
James_pic

4 votes, 1 answer

What security implications are involved when using a CSV file to fill a SQL table?

I have some data on CSV files and I want to automate the input of this data into an SQL database using PowerShell. The data is mostly, if not completely, numbers. I am using a script based on the one found here: SIMPLE POWERSHELL SCRIPT TO BULK LOAD…
techguy1029

3 votes, 1 answer

Preventing dangerous CSV Formula Injection

I have a form that takes user input and records it in a table. My form sanitizes user input by deleting certain characters (mentioned below). I can export a CSV of the table, which outputs the cells as they are. The correct way to prevent a CSV…
isopach

2 votes, 2 answers

File upload attack vectors when file is not saved to disk

I'm curious to know if there are any significant threats presented by files which are uploaded and read but are never saved to disk. I've read countless articles about file uploads regarding storage and retrieval of the file itself but I haven't…
user2864874

1 vote, 1 answer

Can ClamAV detect CSV Injection?

I'm allowing users to upload CSV files. Other users can download these files. I'm aware that CSV could be an attack vector. Would a ClamAV (or other AV) scan offer protection against such a file? Any scan would happen only after validating the MIME…
Ben

1 vote, 2 answers

What are some examples of injection attacks into databases that abuse common programs besides SQL?

Most data validation deals with SQL injection attacks. My question is, what other types of injection are there that use common programs, and what are good defenses against them?
Selkie