Payloads All The Things

Server Side Template Injection - ASP.NET

Payloads All The Things

Payloads All The Things
CONTRIBUTING
API Key Leaks
API Key Leaks
- API Key and Token Leaks
- IIS Machine Keys
Account Takeover
Account Takeover
- Account Takeover
- MFA Bypasses
Business Logic Errors
Business Logic Errors
- Business Logic Errors
CORS Misconfiguration
CORS Misconfiguration
- CORS Misconfiguration
CRLF Injection
CRLF Injection
- Carriage Return Line Feed
CSV Injection
CSV Injection
- CSV Injection
CVE Exploits
CVE Exploits
- Common Vulnerabilities and Exposures
- CVE-2021-44228 Log4Shell
Clickjacking
Clickjacking
- Clickjacking
Client Side Path Traversal
Client Side Path Traversal
- Client Side Path Traversal
Command Injection
Command Injection
- Command Injection
Cross Site Request Forgery
Cross Site Request Forgery
- Cross-Site Request Forgery
DNS Rebinding
DNS Rebinding
- DNS Rebinding
DOM Clobbering
DOM Clobbering
- DOM Clobbering
Denial of Service
Denial of Service
- Denial of Service
Dependency Confusion
Dependency Confusion
- Dependency Confusion
Directory Traversal
Directory Traversal
- Directory Traversal
File Inclusion
File Inclusion
- File Inclusion
Google Web Toolkit
Google Web Toolkit
- Google Web Toolkit
GraphQL Injection
GraphQL Injection
- GraphQL Injection
HTTP Parameter Pollution
HTTP Parameter Pollution
- HTTP Parameter Pollution
Headless Browser
Headless Browser
- Headless Browser
Hidden Parameters
Hidden Parameters
- HTTP Hidden Parameters
Insecure Deserialization
Insecure Deserialization
Insecure Direct Object References
Insecure Direct Object References
- Insecure Direct Object References
Insecure Management Interface
Insecure Management Interface
- Insecure Management Interface
Insecure Randomness
Insecure Randomness
- Insecure Randomness
Insecure Source Code Management
Insecure Source Code Management
JSON Web Token
JSON Web Token
- JWT - JSON Web Token
Java RMI
Java RMI
- Java RMI
LDAP Injection
LDAP Injection
- LDAP Injection
LaTeX Injection
LaTeX Injection
- LaTeX Injection
Mass Assignment
Mass Assignment
- Mass Assignment
Methodology and Resources
Methodology and Resources
NoSQL Injection
NoSQL Injection
- NoSQL Injection
OAuth Misconfiguration
OAuth Misconfiguration
- OAuth Misconfiguration
ORM Leak
ORM Leak
- ORM Leak
Open Redirect
Open Redirect
- Open URL Redirection
Prompt Injection
Prompt Injection
- Prompt Injection
Prototype Pollution
Prototype Pollution
- Prototype Pollution
Race Condition
Race Condition
- Race Condition
Regular Expression
Regular Expression
- Regular Expression
Request Smuggling
Request Smuggling
- Request Smuggling
SAML Injection
SAML Injection
- SAML Injection
SQL Injection
SQL Injection
Server Side Include Injection
Server Side Include Injection
- Server Side Include Injection
Server Side Request Forgery
Server Side Request Forgery
- Server-Side Request Forgery
Server Side Template Injection
Server Side Template Injection
- Server Side Template Injection
- Server Side Template Injection - ASP.NET Server Side Template Injection - ASP.NET
  Table of contents
- Server Side Template Injection - Expression Language
- Server Side Template Injection - Java
- Server Side Template Injection - JavaScript
- Server Side Template Injection - PHP
- Server Side Template Injection - Python
- Server Side Template Injection - Ruby
Tabnabbing
Tabnabbing
- Tabnabbing
Type Juggling
Type Juggling
- Type Juggling
Upload Insecure Files
Upload Insecure Files
- Upload Insecure Files
- Configuration Apache .htaccess
  Configuration Apache .htaccess
  - .htaccess
Web Cache Deception
Web Cache Deception
- Web Cache Deception
Web Sockets
Web Sockets
- Web Sockets
XPATH Injection
XPATH Injection
- XPATH Injection
XSLT Injection
XSLT Injection
- XSLT Injection
XSS Injection
XSS Injection
XXE Injection
XXE Injection
- XML External Entity
Zip Slip
Zip Slip
- Zip Slip
LEARNING AND SOCIALS
LEARNING AND SOCIALS
- Books
- Twitter
- Youtube
template vuln
template vuln
- Vulnerability Title

Server Side Template Injection - ASP.NET

Server-Side Template Injection (SSTI) is a class of vulnerabilities where an attacker can inject malicious input into a server-side template, causing the template engine to execute arbitrary code on the server. In the context of ASP.NET, SSTI can occur if user input is directly embedded into a template (such as Razor, ASPX, or other templating engines) without proper sanitization.

Summary

ASP.NET Razor
- ASP.NET Razor - Basic injection
- ASP.NET Razor - Command execution
References

ASP.NET Razor

Official website

Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages.

ASP.NET Razor - Basic injection

@(1+2)

ASP.NET Razor - Command execution

@{
  // C# code
}

References

Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - April 15, 2020