Sai Ganesh K

Reputation: 23

How to add a vulnerability to the client side of a .NET app which parses CSV files

So, I am working on something and I wanted to know any ideas on how and what kind of vulnerabilities I can add to a CSV parsing .NET app on the client side before I move on to the server side. So basically there needs to be a vulnerability in the parsing logic of the code which can be exploited by opening it in dotPeek. So I wanted some ideas on how to do so. Right now I am at a point where the app can create CSV files based on the things we give in the code *(I give the elements in the code)*, and it can also read a CSV file, but the problem is that for reading a CSV file the number of "elements" in the CSV file should be known. So I needed some ideas for the vulnerability as mentioned above.

Upvotes: 0

Views: 171

Answers (1)

SimplyCode

Reputation: 338

dotPeek essentially may retrieve everything since it decompiles the code.

If you want it to be harder, use an obfuscator, which guards better against decompilation.

One common vulnerability of this is to save hardcoded security information, such as db keys, server authentications, user/passwords, etc.

Another classic vulnerability is to read an env variable, so you can add the written CSV file path as an env variable.

You can also add something that will reveal more secret information, for example a configuration key that reveals another header in the CSV if turned on.

Please add more about this exercise: what kind of level are you aiming for, and what kind of attacks are you simulating?

Upvotes: 1
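
The answer's point about hardcoded security information, as an added example that is not part of the original answer: because a decompiler recovers string literals as written, a reviewer can scan the C# source for credential-like literals before a build ships. The sample source, its identifier names and the regex heuristics are constructed assumptions.

```python
import re

# Constructed sample: C# source for a CSV client with secrets left in literals.
SAMPLE_CS = r'''
class CsvClient
{
    private const string DbPassword = "S3cr3t-Example!";
    private static readonly string ApiKey = "EXAMPLE-KEY-0000-1111";
    private string connectionString = "Server=db.example.test;User Id=csvapp;Password=example;";
    private string delimiter = ",";
    private string csvPath = Environment.GetEnvironmentVariable("CSV_PATH");
    private string header = "id,name,email";
}
'''

# Identifier names that suggest a credential (assumed naming heuristic).
NAME_HINT = re.compile(r'pass(word|wd)?|pwd|secret|token|api_?key', re.I)
# Literal contents that look like a connection string carrying a password.
VALUE_HINT = re.compile(r'(password|pwd)\s*=\s*[^;"]+', re.I)
# identifier = "literal"; on one line (regular C# string literals only,
# verbatim @"..." and interpolated strings are out of scope here).
ASSIGN = re.compile(r'(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*;')

def find_hardcoded_secrets(source):
    """Return (line_number, identifier, reason) for each suspicious literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = ASSIGN.search(line)
        if not m:
            continue  # not a string-literal assignment (e.g. the env lookup)
        name, value = m.group(1), m.group(2)
        if not value:
            continue  # empty literal carries nothing to leak
        if NAME_HINT.search(name):
            findings.append((lineno, name, "credential-like identifier"))
        elif VALUE_HINT.search(value):
            findings.append((lineno, name, "password inside literal"))
    return findings

if __name__ == "__main__":
    for lineno, name, reason in find_hardcoded_secrets(SAMPLE_CS):
        print(f"line {lineno}: {name} ({reason})")
```
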
