Wednesday, October 13, 2010

MS10-070 ASP.NET Padding Oracle Attack to download web.config or other files

You can find it here: 

A proof-of-concept attack against MS10-070, this PoC is an implementation in Ruby of a Padding Oracle attack and allows you to download the 'Web.config' file or any other file from a vulnerable ASP.NET installation.

It was written by Agustin Azubel (aazubel [ at ]

No comments: