I did a web app pen test a few months ago where I ended up finding a server-side formula injection vulnerability. Really odd as normally formula injections are client-side.
While doing research on trying to find a way to perform command injection, I compiled a wordlist for future engagements.
If you’re wondering, I was not able to perform command injection, just SSRF, internal directory disclosure and general formulas.
Anyway, I added the wordlists to TreeHouse Wordlists.
This one with context found HERE
This one without context found HERE