Asp

Server-Side Template Injection (SSTI) is a class of vulnerabilities where an attacker can inject malicious input into a server-side template, causing the template engine to execute arbitrary code on the server. In the context of ASP.NET, SSTI can occur if user input is directly embedded into a template (such as Razor, ASPX, or other templating engines) without proper sanitization.

Summary

ASP.NET Razor
- ASP.NET Razor - Basic Injection
- ASP.NET Razor - Command Execution
References

ASP.NET Razor

Official website

Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages.

ASP.NET Razor - Basic Injection

@(1+2)

ASP.NET Razor - Command Execution

@{
  // C# code
}

References

Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - April 15, 2020

Last updated 5 months ago

hashtagSummary

hashtagASP.NET Razor

hashtagASP.NET Razor - Basic Injection

hashtagASP.NET Razor - Command Execution

hashtagReferences

Summary

ASP.NET Razor

ASP.NET Razor - Basic Injection

ASP.NET Razor - Command Execution

References