Wednesday, October 13, 2010

MS10-070 ASP.NET Padding Oracle Attack to download web.config or other files

You can find it here:  

 http://www.ampliasecurity.com/research/aspx_po_chotext_attack.rb 

A proof-of-concept attack against MS10-070, this PoC is an implementation in Ruby of a Padding Oracle attack and allows you to download the 'Web.config' file or any other file from a vulnerable ASP.NET installation.





It was written by Agustin Azubel (aazubel [ at ]  ampliasecurity.com).

No comments: