.NET框架Padding Oracle Attack扫描[网络技术]

本日测试了一下.NET框架Padding Oracle Attack扫描,工具在http://ethicalhackingaspnet.codeplex.com/,后果以下:

Test started, please be patient...

Request to:      http://www.eskynet.cn/
Response from:      http://www.eskynet.cn/
Response length:    23033
Status code:     200 OK
Response time:      43 msec

Request to:      http://www.eskynet.cn/NonExistingPageForLENSTEST.aspx
Response from:      http://www.eskynet.cn/NonExistingPageForLENSTEST.aspx
Response length:    1526
Status code:     404 NotFound
Response time:      295 msec

Request to:      http://www.eskynet.cn/ScriptResource.axd?d=LENSTEST&t=LENSTEST
Response from:      http://www.eskynet.cn/ScriptResource.axd?d=LENSTEST&t=LENSTEST
Response length:    1513
Status code:     404 NotFound
Response time:      8 msec

Request to:      http://www.eskynet.cn/WebResource.axd?d=LENSTEST&t=LENSTEST
Response from:      http://www.eskynet.cn/WebResource.axd?d=LENSTEST&t=LENSTEST
Response length:    3026
Status code:     500 InternalServerError
Response time:      308 msec

The site is VULNERABLE to the Padding Oracle Attack (based on the HTTP response codes and content). Scroll up for the details.
Test completed.

 判断代码以下（注意数字是从0开始的）:

if( this.statusCodes[ 1 ] == this.statusCodes[ 2 ] && this.statusCodes[ 2 ] == this.statusCodes[ 3 ] &&this.contents[ 1 ] == this.contents[ 2 ] && this.contents[ 2 ] == this.contents[ 3 ] ){this.WriteOutput( "The site is PROBABLY safe from the Padding Oracle attack (based on the HTTP response codes and content). Scroll up for the details." );}else{this.WriteOutput( "The site is VULNERABLE to the Padding Oracle Attack (based on the HTTP response codes and content). Scroll up for the details." );}