Pentest Plataforma de eLearning
Cyber Dacians assigned two technical specialists in charge of the project who discovered 8 vulnerabilities in the platform in 10 days.
A timeline for a project at Cyber Dacians starts with some initial reconnaissance at the network level, dumping the DNS records and scanning the TCP ports. One of the first critical vulnerabilities lies in this part of the penetration testing by finding an outdated service and running a specific exploit on it. We could get a shell by doing this.
Moving on to the web application, a big number of XSS vulnerabilities and SQL injections have been found. Another critical vulnerability, besides various medium and high level XSS and SQL vulnerabilities, is a command injection which allowed us to easily get a shell on the platform.
Finally, a few vulnerabilities regarding the management of the sessions, data leaking and bruteforceable login have been mentioned in the report as well.
The final report contained an executive report, a classification of vulnerabilities and solutions to each vulnerability.
Nuestra red global de CyberOficinas: