.NET框架Padding Oracle Attack扫描[网络技术]
本文“.NET框架Padding Oracle Attack扫描[网络技术]”是由七道奇为您精心收集,来源于网络转载,文章版权归文章作者所有,本站不对其观点以及内容做任何评价,请读者自行判断,以下是其具体内容:
本日测试了一下.NET框架Padding Oracle Attack扫描,工具在http://ethicalhackingaspnet.codeplex.com/,后果以下:
Test started, please be patient...
Request to: http://www.eskynet.cn/
Response from: http://www.eskynet.cn/
Response length: 23033
Status code: 200 OK
Response time: 43 msec
Request to: http://www.eskynet.cn/NonExistingPageForLENSTEST.aspx
Response from: http://www.eskynet.cn/NonExistingPageForLENSTEST.aspx
Response length: 1526
Status code: 404 NotFound
Response time: 295 msec
Request to: http://www.eskynet.cn/ScriptResource.axd?d=LENSTEST&t=LENSTEST
Response from: http://www.eskynet.cn/ScriptResource.axd?d=LENSTEST&t=LENSTEST
Response length: 1513
Status code: 404 NotFound
Response time: 8 msec
Request to: http://www.eskynet.cn/WebResource.axd?d=LENSTEST&t=LENSTEST
Response from: http://www.eskynet.cn/WebResource.axd?d=LENSTEST&t=LENSTEST
Response length: 3026
Status code: 500 InternalServerError
Response time: 308 msec
The site is VULNERABLE to the Padding Oracle Attack (based on the HTTP response codes and content). Scroll up for the details.
Test completed.
判断代码以下(注意数字是从0开始的):
if( this.statusCodes[ 1 ] == this.statusCodes[ 2 ] && this.statusCodes[ 2 ] == this.statusCodes[ 3 ] &&this.contents[ 1 ] == this.contents[ 2 ] && this.contents[ 2 ] == this.contents[ 3 ] ){this.WriteOutput( "The site is PROBABLY safe from the Padding Oracle attack (based on the HTTP response codes and content). Scroll up for the details." );}else{this.WriteOutput( "The site is VULNERABLE to the Padding Oracle Attack (based on the HTTP response codes and content). Scroll up for the details." );}
以上是“.NET框架Padding Oracle Attack扫描[网络技术]”的内容,如果你对以上该文章内容感兴趣,你可以看看七道奇为您推荐以下文章:
本文地址: | 与您的QQ/BBS好友分享! |