Authors: Juliano Rizzo, Thai Duong
The padding oracle attack is a powerful cryptographic attack against CBC-mode encryption. Given an oracle that, on receipt of a ciphertext, decrypts it and tells the sender whether the padding is correct, it is possible to efficiently decrypt data without knowing the encryption key. In their research, Juliano and Thai used this attack to create a whole new set of practical web hacking techniques.