497fbe925b
Replace direct URLs in Markdown references with their web.archive.org equivalents to prevent link rot.
1.3 KiB
1.3 KiB
Server Side Template Injection - ASP.NET
Server-Side Template Injection (SSTI) is a class of vulnerabilities where an attacker can inject malicious input into a server-side template, causing the template engine to execute arbitrary code on the server. In the context of ASP.NET, SSTI can occur if user input is directly embedded into a template (such as Razor, ASPX, or other templating engines) without proper sanitization.
Summary
ASP.NET Razor
Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages.
ASP.NET Razor - Basic Injection
@(1+2)
ASP.NET Razor - Command Execution
@{
// C# code
}