id: wp-xmlrpc-pingback-detection info: name: Wordpress XMLRPC Pingback detection author: pdteam severity: info reference: - https://github.com/dorkerdevil/rpckiller - https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32 tags: wordpress,ssrf,oast,xmlrpc requests: - raw: - | POST /xmlrpc.php HTTP/1.1 Host: {{Hostname}} pingback.ping http://{{interactsh-url}} {{BaseURL}}/?p=1 matchers: - type: word part: interactsh_protocol words: - "http"