Nmap Development mailing list archives
NSE Script for detecting or exploiting ASP.net padding oracle vulnerability?
From: Fyodor <fyodor () insecure org>
Date: Tue, 5 Oct 2010 18:39:22 -0700
Hi folks. The ASP.net padding oracle vulnerability has been getting a lot of attention lately. Anyone want to try and write an NSE script for detecting and/or exploiting the problem? It is a fun crypto-related attack. Here are some details: Details from the guys who discovered the vulnerability: http://netifera.com/research/ MS (released out of band) advisory MS10-070: http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx Exploit PoC in Javascript: http://www.ampliasecurity.com/blog/2010/09/28/a_padding_oracle_attack_implemented_in_javascript/ Cheers, -Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE Script for detecting or exploiting ASP.net padding oracle vulnerability? Fyodor (Oct 05)
- Re: NSE Script for detecting or exploiting ASP.net padding oracle vulnerability? Arturo 'Buanzo' Busleiman (Oct 05)