Thread: POET : Padding Oracle Exploit Tool

  1. #1
    Moderator firebits

    POET : Padding Oracle Exploit Tool

    At Eurocrypt 2002, Vaudenay introduced a powerful side-channel attack, called the padding oracle attack, against CBC-mode encryption. Given an oracle which, on receipt of a ciphertext, decrypts it and then replies to the sender whether the padding is correct or not, he shows that it is possible to efficiently decrypt data without knowing the encryption key. In this paper, we turn the padding oracle attack into a new set of practical web hacking techniques.



    Flickr offers a relatively comprehensive web-service API that allows programmers to build applications which could perform virtually any functionality a Flickr internet site can do. Users need to be authenticated while using the Flickr Authentication API. Any application wishing to use the Flickr Authentication API must have already obtained a Flickr API key. An 8-byte extended ’shared secret’ for one’s API key is then issued by Flickr and cannot be changed by the users. This secret is applied during the signing process, which is certainly required for all API calls utilizing an authentication token. This advisory describes a vulnerability during the signing process that allows an attacker to build valid signatures without knowing the shared secret. By exploiting this vulnerability, an attacker can send valid arbitrary requests on behalf of any computer software utilizing Flickr’s API.

    Download Padding Oracle Exploit Tool Here

    Video
    YouTube - Padding Oracle Exploit Tool vs Apache MyFaces

    by firebits

  2. #2
    Just burned his ISO

    Re: POET : Padding Oracle Exploit Tool

    Excuse me sir, but the download link isn't working. I'm googling the net about poet.py but no good. Please, could you send a working link?

    Thanks very much in advance.
