MS10-070 ASP.NET Padding Oracle attack proof-of-concept exploit

This proof-of-concept exploit performs a Padding Oracle attack against a simple ASP.NET application (it can be any application) to download a file from the remote Web Server. In this example the proof-of-concept exploit downloads the Web.config file.

This proof of concept exploit can be found at http://www.ampliasecurity.com/research/aspx_po_chotext_attack.rb

Views: 100

Comment

You need to be a member of OracleConnections to add comments!

Join OracleConnections

Oracle Jobs in US

© 2024   Created by Maisam Agha.   Powered by

Badges  |  Report an Issue  |  Terms of Service