GreySec Forums

POC for XML-RPC?
WordPress XML-RPC authentication brute force
WordPress provides an XML-RPC interface via the xmlrpc.php script. XML-RPC is remote procedure calling using HTTP as the transport and XML as the encoding. An attacker can abuse this interface to brute force authentication credentials using API calls such as wp.getUsersBlogs.
Discovered by /Scripts/WebApps/wordpress_5.script


How do I run a POC for this vulnerability?
Server IP : 192.185.35.67
Web-based : wordpress

Thanks!
Read the POC and CVE to figure it out. That's what it's for.
https://medium.com/@the.bilal.rizwan/wor...d3c8600b32