Code injection in ASP.NET is not a well known issue. It is because in ASP.NET, code files are not inserted one into another dynamically (like in PHP). Programmers can only register controls in the web.config file or on a page. But dynamic code injection in ASP.NET is still possible. The aim is to insert C# (or VB.NET, etc.) code that is executed directly.
The attacker can achieve this in the following situations:
- When you use the ProcessStartInfo class in your code and execute commands which are put together from external sources.
- When your virtual path provider is able to read files from different servers, and parameters are taken from an external source.
- When you load a control dynamically and the source of the control is loaded from an external source.
The attacker can also manage to insert a file with code into your application directory.