Yesterday, Agustin Azubel from Amplia Security released a proof-of-concept exploit implementing a Padding Oracle attack against ASP.NET (MS10-070) that allows an attacker to download a file from the remote web server.
Today we released a video showing how the PoC exploit works.
You can find it here:
and also, here:
If you don't feel like installing IIS/ASP.NET and creating a sample application or don't have an already vulnerable ASP.NET application to test the PoC exploit on, the video will give you an idea on how the exploit works.