Exploiting Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation

This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.

Read more


Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.


"No secure path in the world"