We already discussed the basics of the Padding Oracle Attack in a previous video. In this video, we will look at a proof of concept on a ASP.NET application.
This proof-of-concept exploit performs a Padding Oracle attack against a simple ASP.NET application (it can be any application) to download a file from the remote Web Server. In this example the proof-of-concept exploit downloads the Web.config file.