Created April 14, 2017 13:14
Simple ASPX application (vulnerable to OS command injections)
<%@ Page Language="C#" Debug="true" Trace="false" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>
<script Language="c#" runat="server">
void Page_Load(object sender, EventArgs e){
// Runs "ping -n 2 <arg>" through cmd.exe and returns everything the child process
// wrote to standard output.
//
// arg: text appended unmodified to the command line. The caller is not visible in
//      this listing (presumably the "addr" TextBox value from the form; confirm
//      against the click handler).
// Returns: the child's captured stdout as a single string.
//
// SECURITY: this is the OS command injection sink named in the page title. The value
// reaches a shell command line by plain string concatenation, so it is not confined
// to being a ping target. Process.Start here supplies no credentials, so the child
// runs with the identity of the web application's worker process.
// Mitigations a reviewer would expect:
//   - do not route through cmd.exe: use System.Net.NetworkInformation.Ping, or start
//     ping.exe directly as FileName;
//   - validate arg before use (System.Net.IPAddress.TryParse, or a strict hostname
//     allow-list) and reject anything else;
//   - run the application pool under a least-privileged account.
// Detection: a web worker process (w3wp.exe under IIS) spawning cmd.exe is a common
// process-lineage alert.
string ExcuteCmd(string arg){
ProcessStartInfo psi = new ProcessStartInfo();
// cmd.exe is the program actually launched, so the whole Arguments string is parsed
// by the shell rather than by ping.
psi.FileName = "cmd.exe";
// No validation, quoting or escaping is applied to arg before it is concatenated.
psi.Arguments = "/c ping -n 2 " + arg;
// Only stdout is captured; stderr is not redirected.
psi.RedirectStandardOutput = true;
// Stream redirection requires UseShellExecute = false. This does not take the shell
// out of the picture, because FileName is itself cmd.exe.
psi.UseShellExecute = false;
Process p = Process.Start(psi);
StreamReader stmrdr = p.StandardOutput;
// Blocks until the child closes stdout. There is no timeout, and neither p nor the
// reader is disposed.
string s = stmrdr.ReadToEnd();
return s;
void cmdExe_Click(object sender, System.EventArgs e){
<title>ASP.NET Ping Application</title>
<form id="cmd" method="post" runat="server">
<asp:Label id="lblText" runat="server">Command:</asp:Label>
<asp:TextBox id="addr" runat="server" Width="250px">
<asp:Button id="testing" runat="server" Text="excute" OnClick="cmdExe_Click">