mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-13 14:52:53 +00:00
Server Side Template Injection - ASP.NET
Server-Side Template Injection (SSTI) is a class of vulnerabilities where an attacker can inject malicious input into a server-side template, causing the template engine to execute arbitrary code on the server. In the context of ASP.NET, SSTI can occur if user input is directly embedded into a template (such as Razor, ASPX, or other templating engines) without proper sanitization.
ASP.NET Razor
Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages.
ASP.NET Razor - Basic injection
@(1+2)
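Why that probe evaluates, and the fix, shown as an added example that is not part of the original page or its project: the vulnerable method places user input in the template source, while the hardened method keeps the source constant and passes the input as model data. It assumes the third-party RazorEngine NuGet package; `Greeter`, `RenderVulnerable` and `RenderSafe` are hypothetical names.

```csharp
// Added example (not from the original page).
// Assumption: the RazorEngine NuGet package is referenced.
using System;
using RazorEngine;
using RazorEngine.Templating; // RunCompile extension methods

public static class Greeter
{
    // VULNERABLE: the user-supplied value is concatenated into the template
    // *source*, so Razor parses and compiles it as code. An input such as the
    // @(1+2) probe is evaluated on the server instead of being displayed.
    public static string RenderVulnerable(string name)
    {
        string template = "<p>Hello " + name + "</p>";
        // A fresh cache key per call means each input is compiled as a new template.
        string key = Guid.NewGuid().ToString();
        return Engine.Razor.RunCompile(template, key);
    }

    // HARDENED: the template source is a compile-time constant. User input
    // reaches the engine only as model data, which Razor writes out as text
    // (HTML-encoded) and never compiles.
    private const string Template = "<p>Hello @Model.Name</p>";

    public static string RenderSafe(string name)
    {
        return Engine.Razor.RunCompile(Template, "greet-fixed", null, new { Name = name });
    }

    public static void Main()
    {
        const string probe = "@(1+2)"; // basic injection probe from this page

        // Compare the two outputs: only the vulnerable path evaluates the expression.
        Console.WriteLine("vulnerable: " + RenderVulnerable(probe));
        Console.WriteLine("hardened:   " + RenderSafe(probe));
    }
}
```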
ASP.NET Razor - Command execution
@{
// C# code
}