SANS has published a story on an attack that bypassed a .NET/ASP web front end and poked a local escalation. The tools mentioned can be found: Churrasco (has the full description), Churrasco2 (updated for win2008), and ASPXSpy (.NET webshell). Note that McAfee AV does detect the file aspxspy.aspx as naughty.

…developers wonder why I don’t let their apps write locally…or publish directly since my replication removes rogue files automagically…