This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 through 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a “type” attribute to instruct the server which type of object to create on deserialization. The cookie is processed by the application whenever it attempts to load the current user’s profile data. This occurs when DNN is configured to handle 404 errors with its built-in error page (default configuration). An attacker can leverage this vulnerability to execute arbitrary code on the system.

---

Filed under: exploit - @ April 3, 2020 2:13 pm