In this post, we are going to learn about:
- Padding oracle attack.
- What is padding?
- Public key cryptography standards (pkcs #5 & pkcs #7).
- Detection of padding oracle as a web penetration tester and its exploitation.
Padding oracle vulnerability is ubiquitous, like sql injection & XSS. Due to this vulnerability an attacker can decrypt the data and even encrypt arbitrary data without any key.
Check this video out for the complete tutorial: