Since I’ve posted about the flaw and how to fix it, here’s how to actually exploit it. The exploit is called “Padding Oracle Exploit Tool” if you want to do a search on it.
You can download the POET script at http://netifera.com/research/. Apparently this exploit works for Apache MyFaces too as seen below.
Remember, exploit responsibly. Have fun!