This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 500 through 930-RC Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML The expected structure includes a "type" attribute to instruct the server which type of object to create on deserialization The cookie ...