Yesterday, Agustin Azubel from Amplia Security released a proof-of-concept exploit implementing a Padding Oracle attack against ASP.NET (MS10-070) that allows an attacker to download a file from the remote web server.
Today we released a video showing how the PoC exploit works.
You can find it here:
http://vimeo.com/15856549
and also, here:
http://www.youtube.com/ampliasecurity#p/u/0/2jvmT5lmIIM
If you don't feel like installing IIS/ASP.NET and creating a sample application or don't have an already vulnerable ASP.NET application to test the PoC exploit on, the video will give you an idea on how the exploit works.
No comments:
Post a Comment