A couple of days ago the Ruby on Rails world got shocked by an old bug (or feature?) that could cause massive security issues sometimes. You can read about it here . While reading about this vulnerability, I figured out that ASP.NET MVC worked in a very similar way… would it reproduce in an ASP.NET MVC environment? well, of course! The Problematic Feature ASP.NET MVC has this very convenient way of getting parameters from the request named Model Binding. The very simple example of Model Binding is...