DotNetNuke

How to exploit the DotNetNuke Cookie Deserialization

We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.

Author(s)

Cristian Cornea

Published at: 10 Jun 2020

DotNetNuke

How to exploit the DotNetNuke Cookie Deserialization

Discover our ethical hacking toolkit and all the free tools you can use!

One of EMEA's fastest-growing tech companies

Independently audited company-wide ISMS

50,000+ security folks are here. Are you?

Security leaders trust what they can prove