Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Sep 24, 2010

ASP.NET padding oracle vulnerability, the video

A video of the POET-tool — used to exploit the ASP.NET padding oracle vulnerability — have been published to show the tool in action. The video shows the steps taken by the tool to compromise the web.config file of the application, which in this example contains the ASP.NET machine keys.

Following the results presented in the Usenix paper by Rizzo and Duong, the tool does not compromize the keys directly, but rather relies on the oracle to create a valid ciphertext which in turn can be used to retrieve the web.config from the application. The machine keys are not completely lost until the web.config is served as a regular file by ASP.NET.

Access to the machine keys enables forging of viewstates — as well as Forms authentication cookies. Apparently, a DotNetNuke cookie can be forged to log the attacker in as a superuser.

What happens after this is not related to the current ASP.NET vulnerability, but is related to a different vulnerability. Shell access is obtained to the machine through a known attack, and is carried out by installing a new module in DotNetNuke.

We'll return to the forged DotNetNuke cookie. Why is this possible? Well, yes, the encryption key and signing key for an authentication cookie are both compromised. Still, it's possible to tighten up session security in DotNetNuke. An authentication cookie should be tied to some server side state. When it's not, like in this demo, the entire authentication procedure can be skipped and rendered useless — unfortunately a very common setup in ASP.NET applications. In other words, losing your machine keys should not immediately lay open the road to log in to your application as a superuser!

I'll be blogging more about ASP.NET session management, and the whole "authorization based exclusively on client controlled state" idea. It's an important, though somewhat complicated matter.


  1. It's great that you can learn something just watching video online. I found this recently and it was really useful.

  2. Online Assignment Expert is a milestone-setting assignment help providing company classifying under academics writing of different types. Our trait to make sure that we bestow assignment help without any mistakes. The same has one hearts and minds of over a million students around the globe. Our Ratio analysis assignment help experts say that this is what you aim for in your studies. We are no different. We have ensured this motto is followed by each of our engineering assignment writing experts, who are also research scholars. Our experts are certified and experienced professionals in the Strategy & Planning Assignment Help discipline.

  3. Thanks for this valuable information sharing, and i learned a lot and cleared my all doubts in this.. keep posting like this useful information.
    post free classified ads in india

  4. Thanks for this valuable information sharing, and i learned a lot and cleared my all doubts in this.. keep posting like this useful information.
    Scaffolding Dealers in Chennai
    Aluminium Scaffolding Dealers in Chennai

  5. Thanks for sharing this wonderful information. I hope you will share more helpful information regarding the content.
    web portal development company in chennai

  6. Thanks for sharing this wonderful information. I hope you will share more helpful information regarding the content.
    scaffolding dealers in chennai
    aluminium scaffolding dealers in chennai

  7. Hello! This is my first visit to your website! Your website provided us useful information to work on. Would like to visit this website again and again.
    app development
    india mobile app development
    mobile app development
    develop mobile app

  8. ASP.NET is a developer platform made up of tools, programming languages, and libraries for building many types of applications. This is a good platform for earning money. Coursework writing services.

  9. wow this is one of the best asp.net padding video that I have ever seen so far go here for details.

  10. while we saw ASP.NET padding oracle vulnerability, the video lag at the middle

  11. ASP.NET is not easy for everyone to learn it's a really complicated coding language but this tool is also in demand in the web development market. Hire someone to do my online class.

  12. These types of videos always helps students in their exam season as sometimes they are not able to understand the topic in class due to various reason. For that purpose they are in search of some external help. They can also pay someone to do my online class to get the best grades in their exams.

  13. As web developers, we are always aware of the latest security threats. Recently, there has been a new security threat that we should be aware of - POET-tool exploits ASP.NET padding oracle vulnerability to compromise machine keys.

    POET-tool is a remote access tool that allows attackers to control and monitor targets. POET-tool exploits a vulnerability in ASP.NET that allows attackers to inject malicious content into requests and injects the contents of arbitrary files into responses. This allows attackers to execute malicious code on the target machine, access sensitive data, and steal secrets.

    To exploit this vulnerability, POET-tool requires that the user be authenticated using an ASP.NET user ID and password. Once the attacker has access to these credentials, they can exploit the padding oracle vulnerability to compromise machine keys.

    This is a serious vulnerability that requires all developers using ASP.NET to be aware of it and take appropriate action to protect their machines. By following these simple steps, you can protect your machine from attack and keep your data safe.

  14. เปิดร้านส้มตำ สร้างยอดขาย ด้วยเทคนิค pg slot game อยากเปิด ร้านส้มตำเล็กๆ สร้างยอดขายหลักแสน หลักล้าน ไม่ยากอย่าง ที่คิด วันนี้ pg slot game สร้างอาชีพ จะมาเผยสเต็ปเคล็ดไม่ลับ

  15. Student's pursuing web development as a career can checkout this blog.

  16. The video on the ASP.NET padding oracle vulnerability is incredibly insightful, shedding light on a critical security flaw that web developers must address. Understanding how this vulnerability works and how to mitigate it is crucial for maintaining secure applications. As someone who's also into car parts manchester, I can appreciate the importance of attention to detail, whether it's in software security or finding the right component for your vehicle. Both fields demand precision and vigilance to ensure everything runs smoothly. This video is a must-watch for anyone serious about web security and protecting their systems from potential exploits.


Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts