I’ve been doing the local usergroup circuit with this lately and have been asked to write it up.
In some ways this is old news, but in other ways… well, I think few realize how devastating and omnipresent this vulnerability can be. It is an attack vector available in every application I’ve ever seen that takes user input and lets administrators bulk-export it to CSV.
That is just about every application.
Edit: Credit where due: I’ve been pointed to a 2014 article by an actual security pro which discusses some of these vectors, and another one as well.
So let’s set the scene - imagine a time or ticket tracking app. Users enter their time (or tickets) but cannot view those of other users. A site administrator then comes along and exports entries to a csv file, opening it up in a spreadsheet application. Pretty standard stuff.
So we all know csv files. Their defining characteristic is that they are simple. These exports might look like this
Simple enough. Nothing dangerous there. Heck, even the RFC (RFC 4180) states:
CSV files contain passive text data that should not pose any risks.
So even by specification, it should all be fine.
Hey, just for fun let’s try something: let’s modify our CSV file to the following
Huh… well that’s odd. Even though that cell was quoted, it seems to have been interpreted as a formula just because the first character was an = (equals) symbol. In fact, in Excel at least, any of the symbols =, +, - or @ at the start of a cell will trigger this behavior, causing lots of fun times for administrators whose data just doesn’t seem to format correctly (this is actually what first brought the issue to my attention). That’s strange, but not downright
Well hold on, a formula is code that executes. So a user can cause code, even if it’s only formula code, to execute on an administrator’s machine in the administrator’s security context.
What if we change our CSV file to this then? (Note the Description column on the last line.)
What’s going to happen when we open it up in Excel?
Yup, that’s right, the system calculator opens right on up.
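To make the export side of this concrete, here is an added example (my own code, not the post’s) of the two halves of the problem: a naive CSV export that writes user-supplied cells straight through, even fully quoted, and a hardened export that neutralizes cells starting with a formula-trigger character. The sample rows are constructed for the example; the Description payload is the commonly documented DDE form that launches the calculator when opened in Excel, which is an assumption, since the post does not show its exact cell contents. A small scanner is included so you can check an existing export for cells a spreadsheet would evaluate.

```python
import csv
import io

# Characters Excel (and LibreOffice) treat as the start of a formula when they
# are the first character of a cell, even when the CSV field was quoted.
# Tab and carriage return are included because some importers strip them
# and then see the next character.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

COLUMNS = ["user", "hours", "description"]

# Constructed sample data, as a time-tracking app might hold it. The last
# description is the widely documented DDE payload form (assumption: the
# original post does not show its actual payload).
SAMPLE_ROWS = [
    {"user": "alice", "hours": "8", "description": "Sprint planning"},
    {"user": "bob", "hours": "6", "description": "+44 support call"},
    {"user": "mallory", "hours": "-5", "description": "=cmd|' /C calc'!A0"},
]


def is_number(s):
    """True for plain numeric strings such as '-5' or '1e3'; these are safe."""
    try:
        float(s)
        return True
    except ValueError:
        return False


def export_naive(rows):
    """The vulnerable export: every cell quoted, values passed through untouched.
    Quoting does not help; the spreadsheet still evaluates a leading '='."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=COLUMNS, quoting=csv.QUOTE_ALL,
                       lineterminator="\n")
    w.writeheader()
    for row in rows:
        w.writerow(row)
    return buf.getvalue()


def neutralize_cell(value):
    """Prefix a single quote to any cell that would otherwise be read as a
    formula. Plain numbers (e.g. '-5') are left alone so numeric columns
    still import as numbers. The csv module doubles embedded quotes itself."""
    s = str(value)
    if s and s[0] in FORMULA_TRIGGERS and not is_number(s):
        return "'" + s
    return s


def export_safe(rows):
    """The hardened export: same quoting, but each cell is neutralized first."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=COLUMNS, quoting=csv.QUOTE_ALL,
                       lineterminator="\n")
    w.writeheader()
    for row in rows:
        w.writerow({k: neutralize_cell(v) for k, v in row.items()})
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Scan a CSV export and return (row_number, column, value) for every cell
    a spreadsheet would treat as a formula. Row numbers start at 1 for the
    first data row."""
    hits = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for n, row in enumerate(reader, start=1):
        for col, val in row.items():
            if val and val[0] in FORMULA_TRIGGERS and not is_number(val):
                hits.append((n, col, val))
    return hits


if __name__ == "__main__":
    naive = export_naive(SAMPLE_ROWS)
    print("naive export:\n" + naive)
    print("formula cells in naive export:", find_formula_cells(naive))
    safe = export_safe(SAMPLE_ROWS)
    print("hardened export:\n" + safe)
    print("formula cells in hardened export:", find_formula_cells(safe))
```

Two caveats worth knowing before shipping this. First, the leading quote is a spreadsheet convention, not a CSV one: Excel will happily show it as a literal apostrophe in the cell, which is ugly but harmless; a leading tab is the other common choice and is invisible, but some importers strip it. Second, the numeric exemption is what keeps a negative-hours column from turning into text; drop it if your export has no numeric columns, since an attacker-controlled cell like `-5+3` is still caught either way because it is not a plain number.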
Now to be fair, there is absolutely a warning. It’s just that the warning is a big block of text, which nobody is going to read. And even if they do, it explicitly recommends: