Example of ASP.NET WebForms 4.5 application with uploading files vulnerability.
- Download source code and open with Visual Studio 2013
- Run
- Upload HackPage.aspx and HackPage.aspx.cs
- Go to http://localhost:56023/public/hackpage
- Enjoy!
- Always you should restrict file extensions.
- Move upload files out of web root or an a third party cloud base storage like Azure Storage or Amazon S3...