๐ Ian Dunn: xmlrpc.php FILE IS enable it can be used for conducting a Bruteforce attack and Denial of Service(DoS)
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vulners.com
Hi Team, The website https://www.iandunn.name has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. Wordpress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. URL: https://www.iandunn.name In order to determine whether the xmlrpc.php file is enabled or not, using the Repeater tab in Burp, send the request below. Request: POST /xmlrpc.php HTTP/1.1 Host: www.iandunn.name User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 Content-Length: 135 system.listMethods Response: HTTP/1.1 200 OK Date: Tue, 07 Jan 2020 19:32:48 GMT Content-Type: text/xml; charset=UTF-8 Connection: close Set-Cookie: __cfduid=dc58db4ecd3ff4946ffca93e21566ff371578425567; expires=Thu, 06-Feb-20 19:32:47 GMT; path=/; domain=.iandunn.name; HttpOnly; SameSite=Lax X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=15552000 CF-Cache-Status: DYNAMIC X-Content-Type-Options: nosniff Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server: cloudflare CF-RAY: 55185c145806dcd6-SIN Content-Length: 4272 system.multicall system.listMethods system.getCapabilities demo.addTwoNumbers ... ...