Is it vulnerable to ASP Padding oracle?

  • When I open chat.mysite.com/WebResource.axd?d=jzjghMVYzFihd9Uhe_arpA2, it gives me: Invalid filling and cannot be deleted.

  • When I open chat.mysite.com/WebResource.axd?d=acunetix, it gives me: Invalid view state.

  • When I open chat.mysite.com/WebResource.axd?d=, it gives me: Resource not found.

However, when I open any of these /WebResource.axd URLs on my main site www.mysite.com, no error occurs.

My question is: is my site vulnerable to a padding oracle attack, and if so, what data can be stolen? Another thing is that when I open "view source" on www.mysite.com, there is no such thing as script = webresource.axd, or anything like that. I am confused: if an attacker wants to take control of a site, what can he do? How will he carry out his attack? Can an attacker gain access to administrator privileges?

+1
2 answers

With the little information provided, I would say that it is probably vulnerable to a padding oracle attack. A padding oracle can be used to decrypt ciphertext, one byte at a time, starting at the very end of the message and working backward.

MAC.

+4
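A defender-side check for the pattern this answer describes, as an added example that is not part of the original answers: because recovery proceeds one byte at a time, a client working the oracle sends many distinct d= values to the .axd handlers and receives mostly errors. The log field layout, the error status codes and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

AXD = re.compile(r"/(WebResource|ScriptResource)\.axd$", re.I)
ERROR_STATUSES = {"404", "500"}  # assumption: how the handler's error pages are logged

def build_sample():
    """Constructed IIS-style W3C log; the field order is an assumption."""
    rows = ["#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status"]
    for i in range(3):    # ordinary browser: a few valid tokens, all served
        rows.append(f"2024-01-01 10:00:0{i} GET /WebResource.axd d=valid{i}&t=1 198.51.100.7 200")
    for i in range(30):   # stale bookmark: one bad token retried, not a search
        rows.append(f"2024-01-01 10:01:{i:02d} GET /WebResource.axd d=stale 192.0.2.9 404")
    for i in range(40):   # probing client: a new token on every request, all rejected
        rows.append(f"2024-01-01 10:02:{i:02d} GET /WebResource.axd d=probe{i:04d} 203.0.113.5 500")
    return "\n".join(rows)

def parse(log_text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):
                yield dict(zip(fields, parts))

def suspicious_clients(log_text, min_distinct=20, min_error_ratio=0.8):
    """Clients that sent many distinct d= values to .axd handlers and mostly got errors."""
    stats = defaultdict(lambda: {"tokens": set(), "errors": 0, "total": 0})
    for row in parse(log_text):
        if not AXD.search(row["cs-uri-stem"]):
            continue
        token = parse_qs(row["cs-uri-query"]).get("d", [""])[0]
        s = stats[row["c-ip"]]
        s["tokens"].add(token)
        s["total"] += 1
        s["errors"] += 1 if row["sc-status"] in ERROR_STATUSES else 0
    return sorted(
        ip for ip, s in stats.items()
        if len(s["tokens"]) >= min_distinct and s["errors"] / s["total"] >= min_error_ratio
    )

if __name__ == "__main__":
    print(suspicious_clients(build_sample()))
```

Counting distinct tokens rather than raw errors keeps a client that retries one broken link from being flagged alongside one that is searching the token space.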

.

, .

, , , cookie.

" ", . , . , web.config , db. , , , web.config, , , , . .

, ?

, . Windows . -. MS . , 10 , Windows , . DB, , , .

-, . - web.config, . , , .. , . , . .

-, . . . -, , -.

-, , . , , //etc . , , . , , ... # 3 .

-, . , , . , , . , , . , , sql. ; , , - .

, , , .

+1
