cbcvebase.
CVE-2017-0929
published 2018-07-03

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.

Priority: P2 · 77 · high
CVSS 3.0: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N)
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 12.54% (95.7th percentile)

Affected

3 ranges

Vendor        Product       Version range   Fixed in
dnnsoftware   dnn.platform  < 9.13.8        9.13.8
dnnsoftware   dotnetnuke    < 9.2.0         9.2.0
dnnsoftware   dotnetnuke    < 9.13.8        9.13.8

Detection & IOCs (extracted from sources)

url:  /DnnImageHandler.ashx?mode=file&url=http://{{interactsh-url}}
path: /DnnImageHandler.ashx
  • Detect SSRF exploitation attempts against DnnImageHandler by monitoring GET requests to /DnnImageHandler.ashx with a 'url' parameter pointing to external/internal hosts
  • A successful SSRF probe returns an HTTP 500 status code from the DNN server while the out-of-band callback is received over HTTP; match both conditions together
  • The vulnerable parameter is 'mode=file' combined with 'url=' in the query string of DnnImageHandler.ashx; alert on any external or RFC-1918 address supplied to the url parameter
  • The Nuclei template uses an out-of-band (interactsh) callback to confirm exploitation; detection based solely on an HTTP 500 response without OOB confirmation may produce false positives
  • The vulnerability affects DNN versions strictly before 9.2.0; instances already patched to 9.2.0 or later are not affected
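The detection notes above can be turned into a log-review check. The following Python script is an added example for this page, not code from the CVE record, from DNN, or from the Nuclei template: it scans combined-format web-server access logs for GET requests to /DnnImageHandler.ashx carrying mode=file and a url parameter, classifies the url host as RFC-1918, local, or external, and marks a hit as confirmed only when the server answered 500 and an out-of-band callback was actually observed for that host. The log lines, client addresses and the attacker-controlled.example hostname are constructed sample data; the oob_hosts set stands in for whatever canary or DNS/HTTP listener records your callbacks.

```python
"""Access-log check for CVE-2017-0929 SSRF probes against DnnImageHandler.ashx.

Added example; not from the CVE record or from DNN. Input is a combined-log-
format access log; output is one finding per matching request.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: client ident user [time] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jul/2018:10:01:02 +0000] "GET /DnnImageHandler.ashx?mode=file&url=http://10.0.0.5/ HTTP/1.1" 500 0 "-" "curl/7.58"
203.0.113.7 - - [03/Jul/2018:10:01:03 +0000] "GET /DnnImageHandler.ashx?mode=file&url=http%3A%2F%2Fattacker-controlled.example%2Fx HTTP/1.1" 500 0 "-" "curl/7.58"
198.51.100.9 - - [03/Jul/2018:10:02:00 +0000] "GET /DnnImageHandler.ashx?mode=profilepic&userid=1 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Jul/2018:10:02:05 +0000] "GET /Portals/0/logo.png HTTP/1.1" 200 5678 "-" "Mozilla/5.0"
"""


def classify_host(host):
    """Label where the 'url' parameter points: 'rfc1918' or 'local' means an
    attempt to reach internal resources; anything else is 'external'."""
    if host is None:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "local" if host.lower() == "localhost" else "external"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip.is_loopback or ip.is_link_local:
        return "local"
    return "external"


def analyze(log_text, oob_hosts=frozenset()):
    """Return one finding per GET /DnnImageHandler.ashx?mode=file&url=... request.

    oob_hosts: hostnames for which an out-of-band callback was received by your
    own listener (assumed input). A finding is 'confirmed' only when the server
    answered 500 AND the url host is in that set, as the detection notes require;
    otherwise it is recorded as an 'attempt' that still needs corroboration.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith("/dnnimagehandler.ashx"):
            continue
        qs = parse_qs(parts.query)
        if qs.get("mode", [""])[0].lower() != "file" or "url" not in qs:
            continue  # other handler modes are not the vulnerable code path
        url_value = qs["url"][0]  # parse_qs already percent-decodes the value
        host = urlsplit(url_value).hostname
        status = int(m.group("status"))
        confirmed = status == 500 and host is not None and host.lower() in oob_hosts
        findings.append({
            "client": m.group("client"),
            "time": m.group("ts"),
            "url_param": url_value,
            "target_host": host,
            "target_class": classify_host(host),
            "status": status,
            "verdict": "confirmed" if confirmed else "attempt",
        })
    return findings


if __name__ == "__main__":
    # Pretend our listener saw a callback from the second request's host.
    for f in analyze(SAMPLE_LOG, oob_hosts=frozenset({"attacker-controlled.example"})):
        print(f["verdict"], f["client"], f["target_class"], f["status"], f["url_param"])
```

Run against the sample, the first request (url pointing at 10.0.0.5) is reported as an RFC-1918 attempt and the second as confirmed because its host appears in oob_hosts; the profilepic request and the static image are ignored. Treating 500-only hits as attempts rather than confirmations is deliberate: the handler can return 500 for many unrelated reasons, which is the false-positive risk the notes call out.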

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.0     7.5    HIGH      CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd        v2.0     5.0    MEDIUM    AV:N/AC:L/Au:N/C:P/I:N/A:N
ghsa       -        7.5    HIGH      -
osv        -        7.5    HIGH      -
vulncheck  -        7.5    HIGH      -