Applications rarely need to run user-supplied server-side code dynamically. To support this requirement, programming languages provide APIs that interpret strings as code.
Suppose the backend code is similar to the following snippet:
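using System.CodeDom.Compiler;
using System.Collections.Generic;
using Microsoft.CSharp;

// Compiler provider targeting the v4.5 C# compiler
var cscpOptions = new Dictionary<string, string>() { { "CompilerVersion", "v4.5" } };
var cscp = new CSharpCodeProvider(cscpOptions);
var cpOptions = new[] { "mscorlib.dll", "System.Core.dll" };
var compilerParams = new CompilerParameters(cpOptions, "user.exe", true);
compilerParams.GenerateExecutable = true;
// Vulnerable: the request parameter is passed to the compiler as source code
var codeStr = Request["code"];
CompilerResults results = cscp.CompileAssemblyFromSource(compilerParams, codeStr);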
The code above takes a string supplied by the user and executes it as C# code at the backend. A malicious user can therefore send code that runs operating system commands on the target system, steals information such as database credentials or the database itself, and so on.
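When the real requirement is narrower than arbitrary C#, the request value can go to a small parser that accepts only a fixed grammar instead of to CompileAssemblyFromSource. The following is an added example, not code from the original page: the class name SafeFormula, the arithmetic-only grammar and the 256-character cap are assumptions chosen for illustration.

```csharp
using System;
using System.Globalization;

// Added example, not the page's code. Assumed grammar: numbers, + - * /, unary minus, ( ).
public static class SafeFormula {
    public static double Evaluate(string s) {
        if (s == null || s.Length > 256) throw new FormatException("Missing or too long"); // assumed cap
        int pos = 0;
        double v = Expr(s, ref pos);
        if (pos != s.Length || double.IsNaN(v) || double.IsInfinity(v))
            throw new FormatException("Invalid formula near position " + pos);
        return v;
    }

    private static bool Eat(string s, ref int pos, char c) { // consume c if it is next
        if (pos >= s.Length || s[pos] != c) return false;
        pos++;
        return true;
    }

    private static double Expr(string s, ref int pos) { // Term (('+' | '-') Term)*
        double v = Term(s, ref pos);
        while (Eat(s, ref pos, '+') || Eat(s, ref pos, '-'))
            v += s[pos - 1] == '+' ? Term(s, ref pos) : -Term(s, ref pos);
        return v;
    }

    private static double Term(string s, ref int pos) { // Factor (('*' | '/') Factor)*
        double v = Factor(s, ref pos);
        while (Eat(s, ref pos, '*') || Eat(s, ref pos, '/'))
            v = s[pos - 1] == '*' ? v * Factor(s, ref pos) : v / Factor(s, ref pos);
        return v;
    }

    private static double Factor(string s, ref int pos) { // '-' Factor | '(' Expr ')' | Number
        if (Eat(s, ref pos, '-')) return -Factor(s, ref pos);
        if (Eat(s, ref pos, '(')) {
            double inner = Expr(s, ref pos);
            if (!Eat(s, ref pos, ')')) throw new FormatException("Missing ')' at " + pos);
            return inner;
        }
        int start = pos;
        while (pos < s.Length && (s[pos] == '.' || (s[pos] >= '0' && s[pos] <= '9'))) pos++;
        double n;
        if (!double.TryParse(s.Substring(start, pos - start), NumberStyles.AllowDecimalPoint,
                             CultureInfo.InvariantCulture, out n))
            throw new FormatException("Number expected at " + start);
        return n;
    }
}
```

With this in place, `SafeFormula.Evaluate(Request["code"])` returns 13 for `2*(3+4)-1` and throws a FormatException for any input containing identifiers, strings or other C# syntax, because no part of the input is ever compiled.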