Server Side Template Injection lead to RCE ASP.NET RazorEngine

## CVE ID(s)

I've only tested this on a sample project but from this simple [code search](https://github.com/search?q=RazorEngine.Parse&type=code) I suspect there are vulnerable projects out there. I'd helpful to see if I can make more robust the query after the initial findings.

## Report

Server Side Template Injection in ASP.NET MVC RazorEngine leads to Remote Code Execution vulnerabilities. 

More info: [Server Side Template Injection (SSTI) in ASP.NET Razor](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/)

PR: [#4313](https://github.com/github/codeql/pull/4313)

- [ ] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
 
Yes, this is part of a two post series about ASP.NET MVC vulnerabilities and taint tracking with CodeQL.

## Result(s)

* You can test this query against the following sample project: [RazorVulnerableApp](https://github.com/cnotin/RazorVulnerableApp/)




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Server Side Template Injection lead to RCE ASP.NET RazorEngine #182

CVE ID(s)

Report

Result(s)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Server Side Template Injection lead to RCE ASP.NET RazorEngine #182

Description

CVE ID(s)

Report

Result(s)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions