GreySec Forums
POC for XML-PRC ? - Printable Version




POC for XML-PRC ? - h3x0r - 10-03-2018

WordPress XML-RPC authentication brute force
WordPress provides an XML-RPC interface via the xmlrpc.php script. XML-RPC is remote procedure calling using HTTP as the transport and XML as the encoding. An attacker can abuse this interface to brute force authentication credentials using API calls such as wp.getUsersBlogs.
Discovered by /Scripts/WebApps/wordpress_5.script


How to run a POC for this vulnerability?
Server IP : 192.185.35.67
Web-based : wordpress

Thanks!


RE: POC for XML-PRC ? - Insider - 05-20-2019

Read the POC and CVE to figure it out. That's what it's for.
https://medium.com/@the.bilal.rizwan/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32
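A defender-side view of the finding quoted in the first post, as an added example that is not part of the thread: a small detector that parses logged XML-RPC request bodies and flags sources making repeated wp.getUsersBlogs authentication calls within a time window. The event tuple format, the thresholds, the function names and the sample events (documentation-range IPs) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict, deque

AUTH_METHODS = {"wp.getUsersBlogs"}  # API call named in the finding
WINDOW_SECONDS = 60                  # assumed tuning value
MAX_ATTEMPTS = 5                     # assumed tuning value

def parse_call(body):
    """Return (methodName, first parameter) of an XML-RPC request, or None."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return None  # refuse DTDs before parsing untrusted XML
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall":
        return None
    value = root.find("params/param/value")  # first parameter is the username
    # An untyped <value> defaults to a string in XML-RPC.
    user = None if value is None else (
        value.findtext("string") or (value.text or "").strip() or None)
    return root.findtext("methodName"), user

def detect(events):
    """events: (epoch_seconds, source_ip, request_body) tuples sorted by time.
    Returns {source_ip: usernames tried} for sources over the threshold."""
    recent, users, flagged = defaultdict(deque), defaultdict(set), {}
    for ts, ip, body in events:
        call = parse_call(body)
        if not call or call[0] not in AUTH_METHODS:
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:  # drop attempts outside the window
            window.popleft()
        if call[1]:
            users[ip].add(call[1])
        if len(window) > MAX_ATTEMPTS:
            flagged[ip] = sorted(users[ip])
    return flagged

def sample_body(user, password):  # builds constructed sample input
    return ("<methodCall><methodName>wp.getUsersBlogs</methodName><params>"
            f"<param><value><string>{user}</string></value></param>"
            f"<param><value><string>{password}</string></value></param>"
            "</params></methodCall>")

SAMPLE_EVENTS = sorted(  # constructed: one noisy source, one ordinary client
    [(1000 + i, "203.0.113.7", sample_body("admin", f"guess{i}")) for i in range(8)]
    + [(1000, "198.51.100.20", sample_body("editor", "x")),
       (1300, "198.51.100.20", sample_body("editor", "y"))])
print(detect(SAMPLE_EVENTS))
```

Sources flagged this way are candidates for rate limiting or for blocking access to xmlrpc.php where the site does not need the interface.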