Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation / IP Router-Less Tunneling

In this whitepaper, the author demonstrates abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allows an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.


SHA-256 | 4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370


Related Posts