# ExploitTitle:OracleSiebelCRM8.1.1-CSVInjection
# Date:2018-10-21
# ExploitAuthor:SarathNair aka AceNeon13
# Contact:@AceNeon13
# VendorHomepage: www.oracle.com
# SoftwareLink: http://www.oracle.com/us/products/applications/siebel/siebel-crm-8-1-1-066196.html
# Version:OracleSiebelCRMVersion8.1.1 and below
# PoCExploit:CSVInjection
# VulnerableURL:AllCSVExport functionalities within the CRM application
# Description:SiebelCRM application was found tobe vulnerable toExcelMacro injection vulnerability,
# in places where user input is allowed (in text form) and the input can then be exported in CSV
# form. An attacker can change user information toinclude in his input a malicious excel function.=-2+3+cmd|' /C calc'!D
# The function will then be executed on the victim’s machine,
# once the victim exportsthe details in CSV format and opensthe exported file in MicrosoftExcel.
# Impact:The vulnerability doesn’t target the web application but rather its users.
# A hypothetical attacker could use it, in order totrick other application users into unwillingly
# executing arbitrary malicious code, potentially leading tofull a compromise of their workstation.
# Although excel has implemented certain features toprotect its users
# (the user is asked whether he wants toexecute a potentially harmful external script),
# the user could easily assume that the content can be trusted since the file is
# extracted from a trusted source.
# Solution:DisableCSV export in all list applets and where CSV export is available.
# https://docs.oracle.com/cd/E95904_01/books/Secur/siebel-security-hardening.html#c_Patch_Management_ai1029938a
########################################
# VulnerabilityDisclosureTimeline:2017-November-20:Discovered vulnerability
2017-November-23:VendorNotification2017-November-29:VendorResponse/Feedback2018-October-04:VendorFix/Patch/Workaround2018-October-21:PublicDisclosure
########################################
Warm regards,SarathNair
