<![CDATA[New research from Matei "Mal" Bădănoiu (Pentest-Tools.com):]]>New research from Matei "Mal" Bădănoiu (Pentest-Tools.com):

Stored XSS to RCE in DNN Platform (DotNetNuke), CVE-2026-40321.

SVG upload with javascript: in an <a href> bypasses the filter. The /API/personaBar/ConfigConsole/UpdateConfigFile endpoint writes an ASPX backdoor to the web root. whoami → iis apppool, Potato your way to SYSTEM.

Delivery: DNN's own internal messaging. No external infra.

https://pentest-tools.com/blog/dotnetnuke-xss-to-rce

Link Preview Image
]]>https://board.circlewithadot.net/topic/da47e2ef-7f4f-497a-8188-69902d28f55b/new-research-from-matei-mal-bădănoiu-pentest-tools.comRSS for NodeFri, 15 May 2026 05:34:58 GMTTue, 21 Apr 2026 13:20:41 GMT60