Update 1: ASP.NET Zero Day Vulnerability - Padding Oracle Exploit

ScottGu has posted some additional FAQs on http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx 

The Microsoft advisory has been revised with some additional content in the FAQs. http://www.microsoft.com/technet/security/advisory/2416728.mspx

The SRD blog has also been revised with some additional content. http://blogs.technet.com/b/srd/archive/2010/09/20/additional-information-about-the-asp-net-vulnerability.aspx

The Sharepoint team has a blog on some additional workarounds that you can employ for Sharepoint 2010. http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx

Published Tuesday, September 21, 2010 3:12 AM by naziml

Comments

# re: Update 1: ASP.NET Zero Day Vulnerability - Padding Oracle Exploit

Friday, September 24, 2010 2:30 PM by david_w_rogers

The script would be easier to use if it were possible to eliminate the "OK" messages (after verifying that your entire site tree is displayed).

```vbscript
' Parse command line input
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
DIM skipOk
skipOk = 0 ' default: print the "ok" messages; /s (or /skipOkMessages) suppresses them
IF WScript.Arguments.Length = 1 THEN
   IF LCase(Left(WScript.Arguments(0), 2)) = "/s" THEN
       skipOk = 1
   ELSE
       strServer = WScript.Arguments(0)
   END IF
ELSEIF WScript.Arguments.Length > 1 THEN
   ' Two arguments: the /s switch may come before or after the server name
   IF LCase(Left(WScript.Arguments(0), 2)) = "/s" THEN
       strServer = WScript.Arguments(1)
       skipOk = 1
   ELSEIF LCase(Left(WScript.Arguments(1), 2)) = "/s" THEN
       strServer = WScript.Arguments(0)
       skipOk = 1
   ELSE
       WScript.Echo "Illegal arguments"
       WScript.Echo "Usage: cscript.exe DetectCustomErrorsDisabled.vbs [/skipOkMessages] [RemoteServerName]"
       WScript.Quit(1)
   END IF
END IF
```

---------- AND ---------------

```vbscript
SUB ProcessWebConfig(Path,IsRoot)
...
   ELSEIF skipOk = 0 THEN
       ' Only print the "ok" line when the /s switch was not given
       WScript.Echo Path & ": ok"
   END IF
END SUB
```

---------- AND ---------------

Also, if a directory is protected and can't be seen by an admin, the script fails. I propose this change:

```vbscript
SUB EnumWebConfig(Path,IsRoot)
...
   ' Do not abort the whole scan when a folder cannot be read (e.g. the ACL
   ' denies the scanning account); report it so the unscanned gap is visible
   ON ERROR RESUME NEXT
   SET objFolder = objFileSys.GetFolder(Path)
   IF Err.Number <> 0 THEN
       WScript.Echo Path & ": skipped, cannot enumerate (" & Err.Description & ")"
       Err.Clear
       EXIT SUB
   END IF
   ON ERROR GOTO 0
   FOR EACH dir IN objFolder.SubFolders
       CALL EnumWebConfig(dir.Path,0)
   NEXT
END SUB
```
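As an added example, not the Microsoft script and not the commenter's patch: a Python walker that does what the two proposed changes aim at (a skip-ok switch, and directories it cannot enumerate reported instead of silently dropped) and classifies each web.config against the advisory's customErrors workaround (mode="On" with a single defaultRedirect page, plus redirectMode="ResponseRewrite" on .NET 3.5 SP1 / 4.0). The status names, `scan_tree`/`check_web_config` and the `SAMPLE_CONFIGS` tree written by `build_sample_tree` are my own constructed inputs, not anything from the page.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def check_web_config(path):
    """Classify one web.config as 'vulnerable', 'warn' or 'ok', with a reason."""
    ce = ET.parse(path).getroot().find("./system.web/customErrors")
    if ce is None:
        return "vulnerable", "no <customErrors> element"
    if ce.get("mode", "").lower() != "on":
        return "vulnerable", "customErrors mode=%r, workaround needs On" % ce.get("mode", "unset")
    if not ce.get("defaultRedirect"):
        return "vulnerable", "customErrors has no defaultRedirect page"
    if ce.get("redirectMode", "").lower() != "responserewrite":
        return "warn", "redirectMode is not ResponseRewrite (needed on .NET 3.5 SP1 / 4.0)"
    return "ok", "customErrors On with a single defaultRedirect page"

def scan_tree(web_root, skip_ok=False):
    """Walk web_root; return [(path, status, reason)], listing unreadable dirs too."""
    findings = []
    def unreadable(err):  # os.walk hands us every directory it failed to list
        findings.append((err.filename, "skipped", "cannot enumerate: %s" % err.strerror))
    for dirpath, _dirs, files in os.walk(web_root, onerror=unreadable):
        for name in files:
            if name.lower() == "web.config":  # Windows file names are case-insensitive
                cfg = os.path.join(dirpath, name)
                status, reason = check_web_config(cfg)
                if not (skip_ok and status == "ok"):
                    findings.append((cfg, status, reason))
    return findings

# Constructed sample tree: hardened root, a sub-app with mode=Off, one with no customErrors.
SAMPLE_CONFIGS = {
    "web.config": '<configuration><system.web><customErrors mode="On" '
                  'defaultRedirect="error.aspx" redirectMode="ResponseRewrite"/>'
                  '</system.web></configuration>',
    "app1/web.config": '<configuration><system.web><customErrors mode="Off"/>'
                       '</system.web></configuration>',
    "app2/web.config": '<configuration><system.web/></configuration>',
}

def build_sample_tree():
    """Write SAMPLE_CONFIGS under a fresh temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    for rel, body in SAMPLE_CONFIGS.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return root
```

Running `scan_tree(build_sample_tree())` reports the two sub-apps as vulnerable and the root as ok; with `skip_ok=True` only the two findings remain.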
