Security
Headlines
HeadlinesLatestCVEs

Headline

Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation / IP Router-Less Tunneling

In this whitepaper, the author demonstrates abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allows an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.

Packet Storm
#xss#cisco#samba#auth

© 2022 Packet Storm. All rights reserved.

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6