Author Topic: Problem with "Asp.net padding oracle vulnerability"  (Read 1118 times)

Offline arash2121

  • NULL
  • Posts: 1
  • Cookies: -1
Problem with "Asp.net padding oracle vulnerability"
« on: January 23, 2014, 07:50:27 am »
Hi. I scanned a website with "Acunetix 8" and it showed me "asp.net padding oracle vulnerability" but the software couldn't find webresource.axd or scriptresource.axd and when I viewed the source code of the website I didn't see anything like this:
/webresource.axd?d=<resourceId>&t=<timestamp>
But I am sure that the website has this vulnerability and I need these two parameters (resourceId and timestamp) to inject into that website.
How can I find these two parameters?
Thank you.

Offline RedBullAddicted

  • Moderator
  • Sir
  • *
  • Posts: 519
  • Cookies: 189
Re: Problem with "Asp.net padding oracle vulnerability"
« Reply #1 on: January 23, 2014, 08:03:54 am »
Sweet :P "I used an automated scanner which showed a vulnerability and now I can't find the hax button to exploit it". You think I just deleted that post for fun? Why do you send a PM asking why I deleted the post if you don't wait for a reply and post the same thing again? Well, I decided not to delete it again :P Let's see what others have to say about that question.

Ok, to not make that post totally useless: https://www.owasp.org/index.php/Testing_for_Padding_Oracle_%28OWASP-EN-003%29

Maybe this will help you to get a better understanding of what it is about.
« Last Edit: January 23, 2014, 08:05:24 am by RedBullAddicted »
Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before. - Edgar Allan Poe

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
Re: Problem with "Asp.net padding oracle vulnerability"
« Reply #2 on: January 23, 2014, 09:27:49 am »
Acunetix is a great tool and most of its results are useful to a professional pentester. In other words, it's not usable for you because those vulnerabilities are very specific and are more interesting to fix than to exploit.
~Factionwars

Offline andreol263

  • NULL
  • Posts: 3
  • Cookies: -6
Re: Problem with "Asp.net padding oracle vulnerability"
« Reply #3 on: January 24, 2014, 05:51:07 pm »
Well, A.NPO is a vulnerability that is VERY difficult to find today..., and for SURE this is a false positive, because Acunetix 8 doesn't scan for REAL the encrypted code on WebResource, whether custom_error is active or not, or whether the ECB or CBC decrypt is REALLY vulnerable. Well, Acunetix is horrible today. Use good vuln scanners, like: w3fc, Nikto, Nessus, OWASP ZAP (it is a fuzzer too :)), and well, for sure it is a false positive.