Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

NSE Script for detecting or exploiting ASP.net padding oracle vulnerability?

From: Fyodor <fyodor () insecure org>
Date: Tue, 5 Oct 2010 18:39:22 -0700
Hi folks.  The ASP.net padding oracle vulnerability has been getting a
lot of attention lately.  Anyone want to try and write an NSE script
for detecting and/or exploiting the problem?  It is a fun
crypto-related attack.  Here are some details:

Details from the guys who discovered the vulnerability:
  http://netifera.com/research/

MS (released out of band) advisory MS10-070:
  http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx

Exploit PoC in Javascript:
  http://www.ampliasecurity.com/blog/2010/09/28/a_padding_oracle_attack_implemented_in_javascript/

Cheers,
-Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: