CVE-2017-9822

This repository provides a detailed proof-of-concept for CVE-2017-9822, a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0. It includes payloads for both detection (safe mode) and exploitation (aggressive mode) using YSoSerial.net to achieve remote code execution via malicious cookie manipulation.

This repository provides a detailed writeup and analysis of CVE-2017-9822, a critical RCE vulnerability in DotNetNuke (DNN) versions prior to 9.1.1. The vulnerability involves insecure deserialization of the DNNPersonalization cookie, leading to remote code execution.

This repository provides a detailed analysis of CVE-2017-9822, an XXE/Insecure Deserialization vulnerability in DotNetNuke (DNN) leading to RCE via cookie manipulation. It includes debugging steps and payload creation but lacks a full exploit PoC.

This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC. It leverages the DNNPersonalization cookie to execute arbitrary code by manipulating XML-based profile data during deserialization.

This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC by crafting a malicious DNNPersonalization cookie, leading to remote code execution. The exploit leverages the ObjectStateFormatter deserialization gadget chain to execute arbitrary commands.