Self-contained Visual Studio Project for Padding Oracle Exploit RSS

• • Reply
  

  pitz

  Member

  54 Points

  14 Posts

  Self-contained Visual Studio Project for Padding Oracle Exploit

  Oct 13, 2010 08:55 PM|LINK

  I had been holding my blog post regarding details of the padding oracle exploit for weeks.  The original researchers have not disclosed the Python source to their tool, but the exploit can be crafted from following the documents/papers available to the general public.

  I now see that a couple of public blogs have recently provided the details anyway.  Now that the patches are available on Windows Update, my yet another blog post should hopefully make developers understand the channels that were exploited.

  The zipped VS solution provides a sample web site and an exploit program in C#.  I used it against an unpatched .NET 4.0 system, but can easily be adapted to use against an earlier version of .NET (versions earlier than ASP.NET 3.5 would not have the ScriptResource handler though).
  

  http://peterwong.net/blog/?p=120
  

  
  

  • Edited by pitz on Oct 13, 2010 08:56 PM
• • Reply
  

  Ming Xu - MS...

  All-Star

  25269 Points

  2235 Posts

  Microsoft

  Re: Self-contained Visual Studio Project for Padding Oracle Exploit

  Oct 19, 2010 03:19 AM|LINK

  Hi,

  Please check the link below for more information about Padding Oracle Exploit:

  http://sws.codeplex.com/

  Hope it can help you.
   

  Please mark the replies as answers if they help or unmark if not.
  Feedback to us
  
  Develop and promote your apps in Windows Store