Last modified by Nicolas Gregoire on 2012/02/03 18:24


Dixit Wikipedia, "DotNetNuke is an open source web content management system based on Microsoft .NET. DotNetNuke was written in VB.NET, though the developer has shifted to C# since version 6.0. It is distributed under both a Community Edition MIT license and commercial proprietary licenses as the Professional and Enterprise Editions."


This is a classic XML External Entity Attack, leading to file disclosure or hashes stealing.