Become a patron and gain access to the dashboard, Schedule scans, API and Search patron

"ChurchCRM 4.2.0 - CSV/Formula Injection"

Author

Exploit author

"Mufaddal Masalawala"

Platform

Exploit platform

multiple

Release date

Exploit published date

2020-12-02

                
                    
                         Download file
                    
                
            
#Exploit Title: ChurchCRM 4.2.1- CSV/Formula Injection
#Date: 2020- 10- 24
#Exploit Author: Mufaddal Masalawala
#Vendor Homepage: https://churchcrm.io/
#Software Link: https://github.com/ChurchCRM/CRM
#Version: 4.2.0
#Payload:  =10+20+cmd|' /C calc'!A0
#Tested on: Kali Linux 2020.3
#Proof Of Concept:
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in
List Event Types feature in ChurchCRM v4.2.0 via Name field that is
mistreated while exporting to a CSV file.
To exploit this vulnerability:

   1. Login to the application, goto 'Events' module and then "List Event
   Types"
   2. Edit any event and inject the payload =10+20+cmd|' /C calc'!A0 in the
   'Name' field
   3. Now goto 'List Event types' module and click CSV to download the CSV
   file
   4. Open the CSV file, allow all popups and our payload is executed
   (calculator is opened).

Release Date	Title	Type	Platform	Author
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"ILIAS Learning Management System 4.3 - SSRF"	webapps	multiple	Dot
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"Microsoft Windows - Win32k Elevation of Privilege"	local	windows	nu11secur1ty
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"
2020-12-02	"Pharmacy Store Management System 1.0 - 'id' SQL Injection"	webapps	php	"Aydın Baran Ertemir"

Release Date	Title	Type	Platform	Author
2020-12-02	"Student Result Management System 1.0 - Authentication Bypass SQL Injection"	webapps	multiple	"Ritesh Gohil"
2020-12-02	"EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting"	webapps	multiple	"Soushikta Chowdhury"
2020-12-02	"Under Construction Page with CPanel 1.0 - SQL injection"	webapps	multiple	"Mayur Parmar"
2020-12-02	"ILIAS Learning Management System 4.3 - SSRF"	webapps	multiple	Dot
2020-12-02	"EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF"	webapps	multiple	"Hardik Solanki"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"Expense Management System - 'description' Stored Cross Site Scripting"	webapps	multiple	"Nikhil Kumar"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass"	webapps	multiple	"Aakash Madaan"

Release Date	Title	Type	Platform	Author
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover"	webapps	php	"Mufaddal Masalawala"
2020-12-01	"Tendenci 12.3.1 - CSV/ Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-11-10	"Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection"	webapps	php	"Mufaddal Masalawala"
2020-09-07	"grocy 2.7.1 - Persistent Cross-Site Scripting"	webapps	php	"Mufaddal Masalawala"

import requests

response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/49171/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Search for hundreds of thousands of exploits

"ChurchCRM 4.2.0 - CSV/Formula Injection"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.