PaloAlto Captive Portal XSS Attack

PaloAlto has issued a patch for a XSS attack on the captive portal that I disclosed a few months back. The official advisory can be found here: (Detail taken from The attack has been given a CVSS score of 6.1: (Screenshot taken from IBM X-Force: Below follows the original report submitted to PaloAlto … Continue reading PaloAlto Captive Portal XSS Attack


Palo Alto Networks : Firewall Loopback interfaces

In a dual-homed network infrastructure, loopback interfaces are a very valuable configuration option on Palo Alto firewalls. Cisco folk may be more familiar with the use of loopback interfaces, so this article gives a very quick look at some of the uses of a loopback interface in a Palo Alto firewall deployment. The most usedul … Continue reading Palo Alto Networks : Firewall Loopback interfaces