Simple Exploit Code of Padding Oracle Attack on CBC Mode Block Cipher
CBC mode is not secure for any block cipher such as AES, Triple DES etc. Any web service, executable, process, cookie, database or security protocol which allows repeated decryption of ciphertext and uses CBC mode block cipher such as AES, Triple DES etc. This attack can also allow attacker to create a new ciphertext which decrypts to any desired plaintext without attacker knowing the key.
