Brute Force Attack To Exploit Vulnerabilities of Websites with CMS Content Management System


This article presents brute force attack techniques for exploiting vulnerabilities in websites built with content management systems (CMS), within the framework of ethical hacking. Public institutions, private companies and natural persons increasingly need their products and services to be available on the Internet. For example, public institutions in Peru are subject to Law No. 27806, the law on transparency and access to public information, and must therefore provide such information to citizens. Private companies, for their part, seek positioning, competitive advantage, and closer contact with customers and web users. This leads them to hire people who specialize in developing websites with CMS platforms such as WordPress, Joomla, Drupal, etc. These platforms are designed to ease development and deployment to production; however, security is often not taken into account. One consequence is the increasing number of computer attacks on these sites; a way to prevent them is therefore to detect the vulnerabilities that can be exploited, and thereby reduce the risks to which these websites are exposed.


Keywords: ethical hacking, vulnerabilities, websites, content managers, brute force
