DotNetNuke
DotNetNuke (DNN) is an ASP.NET-based CMS with a long record of publicly disclosed vulnerabilities, which makes it a frequent target for attackers.

DotNetNuke: XSS to RCE (CVE-2026-40321)
DotNetNuke (DNN) might be a leading CMS in the Microsoft ecosystem, but a routine test on an older version accidentally led us straight to a brand-new 0-day. In this write-up, we escalate a simple Stored XSS vulnerability into a full Remote Code Execution (RCE) chain (CVE-2026-40321). Read the full article to see how we smuggled payloads inside SVG files, weaponized DNN's internal messaging to spear-phish admins, and seamlessly dropped an ASPX backdoor right into the server root.

How to exploit the DotNetNuke Cookie Deserialization
We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability, exploitable through DNN Cookie Deserialization, in one of the U.S. Department of Defense's biggest websites. After we responsibly reported it through HackerOne, the DoD fixed the high-severity vulnerability and disclosed the report, so all details are now publicly available.
