"README.md:

Please note that this works on all DNN websites, it is a no-fix vulnerability that was never patched. This is a proof of concept that can be used to chain together SSRF and XSS on any DNN website. The XSS Payload replicates a login page, listens to the username and password fields and once the button is pressed, it will send a fetch request to our ngrok server with the username and password."