2024-10-23 11:59:18 +00:00
# Server Side Template Injection - ASP.NET
## Summary
- [ASP.NET Razor ](#aspnet-razor )
- [ASP.NET Razor - Basic injection ](#aspnet-razor---basic-injection )
- [ASP.NET Razor - Command execution ](#aspnet-razor---command-execution )
2024-11-03 19:54:01 +00:00
- [References ](#references )
2024-10-23 11:59:18 +00:00
## ASP.NET Razor
[Official website ](https://docs.microsoft.com/en-us/aspnet/web-pages/overview/getting-started/introducing-razor-syntax-c )
2024-11-03 19:54:01 +00:00
2024-10-23 11:59:18 +00:00
> Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages.
2024-11-03 19:54:01 +00:00
2024-10-23 11:59:18 +00:00
### ASP.NET Razor - Basic injection
```powershell
@(1+2)
```
### ASP.NET Razor - Command execution
```csharp
@{
// C# code
}
```
2024-11-03 19:54:01 +00:00
## References
- [Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - April 15, 2020 ](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI )-in-ASP.NET-Razor/)