A script that will do some simple tests against an ASP.NET site to see if might be vulnerable to the padding oracle exploit.

The script is a JavaScript Windows Script Host file (so Windows-only) that can be used in a couple of ways:

• Double-click it and you will be prompted for a site URL
• Or, invoke from a Command Prompt passing the site URL as the first argument. e.g.:

cscript AspNetPaddingOracleDetector.js http://mysite.example.com

For more information see this blog post.