I am currently testing a web application on which a user can generate a CSV.
I managed to CSV injection data with a payload such as
I'm now trying to create a "more dangerous" payload, and I see many references online that use the following:
=cmd|' /C calc'!A0
However, I can't find a way to have such a payload trigger. I always get one
#REF! Error. Is such an attack still possible in 2020? Or has Microsoft implemented a mitigation for these attacks?
Excel for Office 365 version 1902