
Episode 27: Top 7 Esoteric Web Vulnerabilities
Critical Thinking - Bug Bounty Podcast
00:00
AES Padding Protocol for Padding Oracle Attacks
The way that the PKCS seven padding works is that you've got your 16-byte blocks. And then when you don't have, when your data does not sum up to 16 bytes, the rest of that 16 bytes is filled by the value that is the number of remaining bytes. So if you've got 15 in a block and you need one more, that last byte is going to contain the, a byte that points to one. And if it's 14, then it's going to have two, yeah, zero two, zero two, right? Yeah. That's something that I had back there, you know, in the memory database and that, but just doesn't come