I'm curious what damage someone could do with just access to the System.dll namespace in C#.
I was playing around with dynamic code compiling and created a simple website which allows me to type in C# code. This is passed via web service to a class which complies and runs the code in a new thread and returns (code must return a string) the result via the WS and is displayed on the web page.
Right now I have a simple check to abort the thread if it runs for more than 5 seconds to ensure something simple like an infinite loop won't crash things.
"Hypothetically" speaking if I published this web application could someone do serious/any damage to a web server with just access to System.dll?
**bonus points for some sort of example! :)