The long road to walking a Poodle on a vulnerable server.
1. The Old Vuln
http://www.acunetix.com/blog/news/check-application-vulnerable-asp-net-padding-oracle-vulnerability/
http://blogs.microsoft.co.il/linqed/2010/09/19/padding-oracle-aspnet-vulnerability-explanation/
http://blog.gdssecurity.com/labs/2010/9/14/automated-padding-oracle-attacks-with-padbuster.html
2. The Test To See If Anyone Is Paying Attention
http://weblogs.asp.net/scottgu/important-asp-net-security-vulnerability
https://blog.skullsecurity.org/2013/padding-oracle-attacks-in-depth
3. Come here Charlie! (Steinbeck Reference)
http://www.guidepointsecurity.com/1023/vulnerability-management/poodle-ssl-3-0-fallback-vulnerability/
http://dunnesec.com/2014/10/20/poodle-sslv3-vulnerability/
And other unknowns that are now known
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
https://en.wikipedia.org/wiki/NTLM#Vulnerabilities
1. The Old Vuln
http://www.acunetix.com/blog/news/check-application-vulnerable-asp-net-padding-oracle-vulnerability/
http://blogs.microsoft.co.il/linqed/2010/09/19/padding-oracle-aspnet-vulnerability-explanation/
http://blog.gdssecurity.com/labs/2010/9/14/automated-padding-oracle-attacks-with-padbuster.html
2. The Test To See If Anyone Is Paying Attention
http://weblogs.asp.net/scottgu/important-asp-net-security-vulnerability
https://blog.skullsecurity.org/2013/padding-oracle-attacks-in-depth
3. Come here Charlie! (Steinbeck Reference)
http://www.guidepointsecurity.com/1023/vulnerability-management/poodle-ssl-3-0-fallback-vulnerability/
http://dunnesec.com/2014/10/20/poodle-sslv3-vulnerability/
And other unknowns that are now known
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
https://en.wikipedia.org/wiki/NTLM#Vulnerabilities
No comments:
Post a Comment