.. / CVE-2017-9822

Exploit for DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution (CVE-2017-9822)

Description:

DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected by a deserialization vulnerability that leads to remote code execution.

Nuclei Template

View the template here CVE-2017-9822.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-9822.yaml
Copy

References:

http://www.dnnsoftware.com/community/security/security-center
https://nvd.nist.gov/vuln/detail/CVE-2017-9822
https://github.com/xbl3/awesome-cve-poc_qazbnm456
http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
https://github.com/murataydemir/CVE-2017-9822