Last post Oct 19, 2010 03:19 AM by Ming Xu - MSFT
Oct 13, 2010 08:55 PM|pitz|LINK
I had been holding my blog post regarding details of the padding oracle exploit for weeks. The original researchers have not disclosed the Python source to their tool, but the exploit can be crafted from following the documents/papers available to the general
I now see that a couple of public blogs have recently provided the details anyway. Now that the patches are available on Windows Update, my yet another blog post should hopefully make developers understand the channels that were exploited.
The zipped VS solution provides a sample web site and an exploit program in C#. I used it against an unpatched .NET 4.0 system, but can easily be adapted to use against an earlier version of .NET (versions earlier than ASP.NET 3.5 would not have the ScriptResource
Oct 19, 2010 03:19 AM|Ming Xu - MSFT|LINK
Please check the link below for more information about Padding Oracle Exploit:
Hope it can help you.