CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or LibreOffice Calc is used to open a CSV, any cells starting with ‘=’ will be interpreted by the software as a formula. …

A short time ago, I had to set up a private Burp Collaborator Server to avoid possible leaks of my client´s sensitive information. I want to clarify that this guide is based on the one written by Fabio Pires, all merit is yours.

If you work with Burp and do…

👋 Hi again, guys

Lately, I am dedicating my little free time to audit open source software, mainly those that are web-based.

This time, I want to share with you some Cross-Site Request Forgery (CSRF) that I found in PHP Server Monitor 3.3.1

👋 Hi guys,

Today, I share with you the CVE-2018–18922. This CVE it is associated with the vulnerability I found in Ticketly 1.0 and it allows an attacker to create an admin account through POST request without the need of being logged in the application 😉.

Although Exploit-DB has added…

LibreNMS is an autodiscovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more.

📅 Discover by Javier Olmedo on 08/09/2018

💣 Public disclosure on 19/10/2018

🐛 CVE-2018–15917

🔗 Software link Libre…

Javier Olmedo

Security Researcher & Ethical Hacker - Author blog

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store