Page 1 of 1
if scan, there is "asp.net padding oracle"
Posted: Mon Feb 19, 2018 6:18 pm
by tingwing
hi
if scan, there is "asp.net padding oracle"
how to fix it?
Thanks
Re: if scan, there is "asp.net padding oracle"
Posted: Tue Feb 20, 2018 1:29 am
by straightlight
What does this topic even mean exactly? More information is needed. Have you also looked on Google for this message?
Re: if scan, there is "asp.net padding oracle"
Posted: Tue Feb 20, 2018 1:03 pm
by tingwing
if scan website "opencart3.0.2+journal2.6.1 "
show "ASP.NET Padding Oracle" vulnerability
Detail:
http://www.bundeio.com/WebResource.axd?d=1519024651
response:{"header":"HTTP/1.0 500 Internal Server Error
Date: Mon, 19 Feb 2018 07:17:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: OCSESSID=0524485a75240bd2acb2d1fa1a; path=/, OCSESSID=0524485a75240bd2acb2d1fa1a; path=/
Content-Length: 153
Connection: close
Content-Type: text/html; charset=UTF-8
"}
request:{"body":"","header":"GET /WebResource.axd?d=1519024651 HTTP/1.1
Cookie: OCSESSID=0524485a75240bd2acb2d1fa1a; currency=USD; language=en-gb
Host:
www.bundeio.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
"}
target:"
http://www.bundeio.com/WebResource.axd"
url:
http://www.bundeio.com/WebResource.axd?d=1519024651
Re: if scan, there is "asp.net padding oracle"
Posted: Thu Feb 22, 2018 12:27 pm
by tingwing
I got this notification from alipay ,who scan the website before allow me to enable alipay payment.
Re: if scan, there is "asp.net padding oracle"
Posted: Thu Feb 22, 2018 6:52 pm
by straightlight
Since you're using Journal2, revert back to the default theme and redo a transaction from alipay noticing if this issue can be reproduced. If not, contact the Journal2 support.