C Sharp Razor Parse User Input
Description
Identifies server-side template injection vulnerabilities in C# applications where untrusted user input is passed directly to Razor.Parse(). This vulnerability could allow attackers to inject malicious templates that execute server-side code, potentially leading to remote code execution.
Detection Strategy
• Look for calls to methods ending with 'Razor.Parse' in C# code
• Check if the first argument passed to Razor.Parse comes from user input or other untrusted sources
• Report a vulnerability if the template string being parsed is derived from unsafe/unvalidated input
• Consider the code vulnerable if there is no proper input validation or sanitization before the Razor.Parse call
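The strategy above, implemented as an added example that is not part of Fluid Attacks' rule or scanner: a minimal line-by-line taint check that follows request-derived values into the first argument of Razor.Parse over constructed C# snippets. The set of untrusted sources, the regexes and the snippet contents are assumptions for illustration; the check is single-line and intraprocedural only.

```python
import re

# Sources the Detection Strategy treats as untrusted (an assumed, illustrative set).
UNTRUSTED_SOURCE = re.compile(r"\b[Rr]equest\.(?:QueryString|Form|Params|Headers|Cookies)\b")
# Simple assignments: `string x = ...;`, `var x = ...;` or `x = ...;` (one statement per line).
ASSIGNMENT = re.compile(r"^\s*(?:(?:string|var)\s+)?(\w+)\s*=\s*(.+?);")
# The sink: first argument of Razor.Parse / Razor.Parse<T>, a string literal or a bare expression.
RAZOR_PARSE = re.compile(r'\bRazor\.Parse(?:<\w+>)?\s*\(\s*("[^"]*"|[^,)]+)')


def scan(source):
    """Return one (line, first_argument, tainted) tuple per Razor.Parse call in a C# snippet."""
    tainted = set()
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSIGNMENT.match(line)
        if m:
            name, rhs = m.group(1), m.group(2)
            # Taint propagates when the right-hand side reads a request source or a tainted variable.
            if UNTRUSTED_SOURCE.search(rhs) or any(re.search(r"\b%s\b" % re.escape(v), rhs) for v in tainted):
                tainted.add(name)
            else:
                tainted.discard(name)  # overwritten with a clean value
        m = RAZOR_PARSE.search(line)
        if m:
            arg = m.group(1).strip()
            findings.append((lineno, arg, bool(UNTRUSTED_SOURCE.search(arg)) or arg in tainted))
    return findings


# Constructed snippets: the page's unsafe pattern, an indirect variant, and a safe fixed template.
DIRECT = (
    'string userTemplate = request.QueryString["template"];\n'
    'string result = Razor.Parse(userTemplate);\n'
)
INDIRECT = (
    'string userTemplate = request.QueryString["template"];\n'
    'string page = "<h1>Report</h1>" + userTemplate;\n'
    'string result = Razor.Parse<object>(page, null);\n'
)
SAFE = (
    'string userName = request.QueryString["name"];\n'
    'string result = Razor.Parse("Hello, @Model.Name!", new { Name = userName });\n'
)

if __name__ == "__main__":
    for label, snippet in (("direct", DIRECT), ("indirect", INDIRECT), ("safe", SAFE)):
        for lineno, arg, is_tainted in scan(snippet):
            print(f"{label}: line {lineno} Razor.Parse({arg}) tainted={is_tainted}")
```

Only the safe snippet, where user data reaches Razor as model data rather than as template text, is reported clean; a real scanner would additionally need cross-line and cross-method data flow.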
Vulnerable code example
using System.Web;
using RazorEngine;
public class RazorExample
{
    public void ProcessTemplate(HttpRequest request)
    {
        string userTemplate = request.QueryString["template"]; // Unsafe: Direct user input from query string
        // Unsafe: the untrusted value becomes the template itself, so Razor syntax in it is executed server-side
        string result = Razor.Parse(userTemplate);
    }
}
✅ Secure code example
using System;
using System.Web;
using System.Web.Mvc;
using RazorEngine;
public class RazorExample : Controller
{
    public ActionResult ProcessTemplate(HttpRequest request)
    {
        // Safe (assumed completion of the truncated example): the template is a fixed server-side string, and the request value reaches Razor only as model data
        string userName = request.QueryString["name"];
        string result = Razor.Parse("Hello, @Model.Name!", new { Name = userName });
        return Content(result);
    }
}