You've misread some things. Your block size is 16, and this is fine. 124 is the message size, not the block size. Beyond this, it's likely that nikto is right and you aren't using padbuster correctly, but I don't know nikto or padbuster so I can't help with that. You should edit your question to explain exactly how you're using padbuster. Sep 03, 2010 · asp.net padding oracle: how it relates to getting the web.config, forging authentication cookies and reading other sensitive data This ASP.NET security vulnerability is certainly very serious: (2416728) Vulnerability in ASP.NET Could Allow Information Disclosure .

well that is the reply i was expecting if the evenly divisible size of the Encrypted bytes posted on the input is not 16 then 2 for example would work, but doens't – PythonNewbie Jan 11 '15 at 22:09 Dec 23, 2018 · Hi guys,today we will do the web challenge - i know mag1k on hackthebox.eu,your task at this challenge is get profile page of the admin ,let's see your site first. At usual the site require a credential,go to it's source code page to find some info,i couldn't find any thing that helpful so i will…