Yesterday, Agustin Azubel from Amplia Security released a proof-of-concept exploit implementing a Padding Oracle attack against ASP.NET (MS10-070) that allows an attacker to download a file from the remote web server.
Today we released a video showing how the PoC exploit works.
You can find it here:
http://vimeo.com/15856549
and also, here:
http://www.youtube.com/ampliasecurity#p/u/0/2jvmT5lmIIM
If you don't feel like installing IIS/ASP.NET and creating a sample application or don't have an already vulnerable ASP.NET application to test the PoC exploit on, the video will give you an idea on how the exploit works.
Today we released a video showing how the PoC exploit works.
You can find it here:
http://vimeo.com/15856549
and also, here:
http://www.youtube.com/ampliasecurity#p/u/0/2jvmT5lmIIM
If you don't feel like installing IIS/ASP.NET and creating a sample application or don't have an already vulnerable ASP.NET application to test the PoC exploit on, the video will give you an idea on how the exploit works.