Showing posts from September, 2018

CSV Injection in https://***.monday.com/admin/my-team/my-team

Hey, a few days ago, while I was looking for bugs on monday.com, I saw that they have a CSV export system. I tried using a payload in my name and exported it, but when I downloaded the CSV file it did not execute Calculator. After that I noticed that there are also other items, like title, phone, skype and location, and I was able to reproduce that these items are affected.

# Affected Item

- Title
- Phone
- Skype
- Location

Note: Guys, please don't waste your time finding bugs on monday.com because they are shit, they don't care about bugs -_-

Reference: https://www.owasp.org/index.php/CSV_Injection
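The fix for the behaviour described above belongs in the export code and has to cover every column, not only the name. The sketch below is an added example, not code from the original post or from monday.com: it neutralizes formula-leading cells as the OWASP reference recommends and audits an export for cells a spreadsheet would evaluate. The function names are hypothetical, the field names are the ones listed in the post, and the sample rows are constructed, with harmless formulas standing in for a payload.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell (OWASP CSV Injection list).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Profile fields named in the post; "name" is included so every column is treated alike.
FIELDS = ["name", "title", "phone", "skype", "location"]


def neutralize_cell(value):
    """Prefix a single quote so the cell is rendered as text, not evaluated."""
    text = "" if value is None else str(value)
    return "'" + text if text.startswith(FORMULA_TRIGGERS) else text


def export_csv(rows, sanitize=True):
    """Write rows (a list of dicts) to CSV text with every field quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    writer.writerow(FIELDS)
    for row in rows:
        cells = ["" if row.get(f) is None else str(row.get(f)) for f in FIELDS]
        writer.writerow([neutralize_cell(c) for c in cells] if sanitize else cells)
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Audit an export: return (row_number, column, value) for cells that would be evaluated."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [(n, col, val)
            for n, row in enumerate(reader, start=1)
            for col, val in row.items()
            if val.startswith(FORMULA_TRIGGERS)]


# Constructed sample data (assumption): benign formulas in the fields the post lists.
SAMPLE_ROWS = [
    {"name": "Alice", "title": "=1+1", "phone": "+1 555 0100",
     "skype": "@SUM(1,1)", "location": "-2+3"},
    {"name": "Bob", "title": "Engineer", "phone": "555 0101",
     "skype": "bob.example", "location": "Dhaka"},
]

if __name__ == "__main__":
    print(find_formula_cells(export_csv(SAMPLE_ROWS, sanitize=False)))  # four flagged cells
    print(find_formula_cells(export_csv(SAMPLE_ROWS)))                  # nothing flagged
```

A legitimate phone number that starts with `+` is prefixed as well, which is the cost of treating every trigger character as unsafe.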