The `TemplateParser` is fundamental in ASP.NET Web Forms. It is used for parsing different ASP.NET source files such as `*.aspx` and for parsing other input from various sources, including user provided data. In this two part series we will take a deep look into `TemplateParser` internals, its capabilities, and how they can be exploited. This knowledge is then applied in the field to demonstrate Remote Code Execution vulnerabilities in Sitecore (CVE-2023-35813) and SharePoint (CVE-2023-33160).
