Nmap Development mailing list archives

Re: NSE Script for detecting or exploiting ASP.net padding oracle vulnerability?


From: "Arturo 'Buanzo' Busleiman" <buanzo () buanzo com ar>
Date: Tue, 5 Oct 2010 23:13:59 -0300

Vietnam & Argentina worked together for that exploit. My cheers from
here (currently, Washington DC) to Juliano and Thai.

On Tue, Oct 5, 2010 at 10:39 PM, Fyodor <fyodor () insecure org> wrote:
Hi folks.  The ASP.net padding oracle vulnerability has been getting a
lot of attention lately.  Anyone want to try and write an NSE script
for detecting and/or exploiting the problem?  It is a fun
crypto-related attack.  Here are some details:

Details from the guys who discovered the vulnerability:
 http://netifera.com/research/

MS (released out of band) advisory MS10-070:
 http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx

Exploit PoC in JavaScript:
 http://www.ampliasecurity.com/blog/2010/09/28/a_padding_oracle_attack_implemented_in_javascript/

Cheers,
-Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


