ASP.NET Padding Oracle Vulnerablitity
利用方法:
http://blog.zhaojie.me/2010/10/padding-oracle-attack-in-detail.html
http://hi.baidu.com/evilrapper/blog/item/9fee3510e8b3381a213f2eca.html
ASP.NET Padding Oracle Vulnerablitity的可以参见:
http://blog.gdssecurity.com/labs/2010/9/14/automated-padding-oracle-attacks-with-padbuster.html
http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf
http://www.cnblogs.com/zc22/archive/2010/09/19/1830793.html
http://blog.miniasp.com/post/2010/09/19/Security-Hack-Exposes-Forms-Authentication-in-ASPNET.aspx。
另外:ViewState解密应该就是中间的获取cookie那步