Stratum Security Blog
Phil Thomas

Code Injection to RCE with .NET

During a security assessment for a client’s web application, I encountered a feature that allowed users to define templates containing expressions, specifically for operations related to mathematics, logic, and strings. These templates contained expressions that were vulnerable to Code Injection and, subsequently, Remote Command Execution.

Overview of the Application
29 Apr 2024 4 min read