Nmap Development mailing list archives
Re: NSE Script for detecting or exploiting ASP.net padding oracle vulnerability?
From: "Arturo 'Buanzo' Busleiman" <buanzo () buanzo com ar>
Date: Tue, 5 Oct 2010 23:13:59 -0300
Vietnam & Argentina worked together for that exploit. My cheers from here (currently, Washington DC) to Juliano and Thai. On Tue, Oct 5, 2010 at 10:39 PM, Fyodor <fyodor () insecure org> wrote:
Hi folks. The ASP.net padding oracle vulnerability has been getting a lot of attention lately. Anyone want to try and write an NSE script for detecting and/or exploiting the problem? It is a fun crypto-related attack. Here are some details: Details from the guys who discovered the vulnerability: http://netifera.com/research/ MS (released out of band) advisory MS10-070: http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx Exploit PoC in Javascript: http://www.ampliasecurity.com/blog/2010/09/28/a_padding_oracle_attack_implemented_in_javascript/ Cheers, -Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE Script for detecting or exploiting ASP.net padding oracle vulnerability? Fyodor (Oct 05)
- Re: NSE Script for detecting or exploiting ASP.net padding oracle vulnerability? Arturo 'Buanzo' Busleiman (Oct 05)