Systems, Software, and Applications Updating for avoiding Cyber Attacks: A Pentest Demonstration
Luiz Casagrande, Evandro Cesar Vilas Boas, Guilherme Pedro Aquino
Event: XL Simpósio Brasileiro de Telecomunicações e Processamento de Sinais (SBrT2022)
Keywords: Cyber security, Pandora FMS, Pentest, SQL injection
Abstract: This work exploits vulnerabilities in an outdated version of the Pandora FMS software through penetration testing (pentest) to demonstrate the relevance of updating systems, software, and applications to avoid cyber attacks. The practical approach is based on a black-box pentest in an environment running an outdated version of Pandora FMS. SQL injection and remote file inclusion are exploited, allowing administrative access to the software by inserting a session cookie on the server. Malware is then introduced into the network to control the server.