**Summary:** The application at ```https://████████``` presents a deserialization vulnerability that permits RCE and file read/write ## Step-by-step Reproduction Instructions 1. Navigate to a random page that must return a 404 Error status like ```https://████/test``` 2. Add this cookie in the request header: ```DNNPersonalization``` 3. Insert the payload into the ```DNNPersonalization``` cookie. You can generate a payload with the following tool https://github.com/pwntester/ysoserial.net, using the DotNetNuke plugin, or use the official exploit from here: https://www.exploit-db.com/exploits/48336, or use the following payload to read a file from the system: ``` WriteFile test ``` Where ```test``` is the wanted file Expected result: ████ ## Product, Version, and Configuration (If applicable) Platform: https://████████/shell.aspx Vulnerable Product: DotNetNuke Vulnerable Version: < 9.3.0-RC ## Suggested Mitigation/Remediation Actions Update the DotNetNuke (DNN) product to the latest version or to a more recent version that is not vulnerable ## Impact An attacker can execute remote commands on the system and gain unauthorized access to it.

U.S. Dept Of Defense: Remote Code Execution through DNN Cookie Deserialization