Researchers have released software that exposes private information and
executes arbitrary code on sensitive websites by exploiting weaknesses in a
widely used web development technology.

Short for Padding Oracle Exploitation Tool, Poet is able to decrypt secret
data encrypted by the JavaServer Faces web development framework without knowing
the secret key. Attackers can use the technique to access private customer data
on websites operated by banks, e-commerce companies and other businesses,
according to a paper (PDF)
released in February by researchers Juliano Rizzo and Thai Duong. In some cases,
the exploit can be used to run malicious software on the underlying server.

