Wordpress XML-RPC List System Methods

By kannthu

Informative
Vidoc Module
#wordpress
Description

What is the "Wordpress XML-RPC List System Methods" module?

The "Wordpress XML-RPC List System Methods" module detects the presence of certain system methods in the XML-RPC interface of a WordPress website. It targets WordPress installations that have XML-RPC enabled. The module is informative: it reports the available system methods and their potential impact.

Author: 0ut0fb4nd

Severity: Informative

Impact

This module has no direct impact on the security of the WordPress website; it only lists the system methods available through the XML-RPC interface. However, the presence of certain system methods may indicate potential vulnerabilities or misconfigurations that could be exploited by attackers.

How does the module work?

The module sends a POST request to the "/xmlrpc.php" endpoint of the WordPress website. It then checks the response for specific conditions:

- The response status code must be 200.
- The response body must contain the following words: "system.multicall", "system.listMethods", and "demo.sayHello".

If these conditions are met, the module considers the system methods to be present and reports them as part of the scan results.

Example HTTP request:

POST /xmlrpc.php

The module does not perform any further actions or exploit any vulnerabilities. It simply provides information about the available system methods through the XML-RPC interface.
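The matching conditions above can be checked offline against a saved response. The following is an added example, not Vidoc's module code: it applies the same status-and-words test, then parses the body as an XML-RPC `methodResponse` to separate a real method listing from a page that merely mentions the three words. The function names and the sample responses are constructed for illustration.

```python
import xmlrpc.client
from xml.parsers.expat import ExpatError

# The three words the module looks for in the response body (from the page).
REQUIRED = ("system.multicall", "system.listMethods", "demo.sayHello")

def module_match(status, body):
    """The module's conditions: status 200 AND every word present in the body."""
    return status == 200 and all(word in body for word in REQUIRED)

def parse_methods(body):
    """Return method names from an XML-RPC methodResponse, or [] if the body
    is a fault, is not XML-RPC, or is not well-formed XML."""
    try:
        params, _ = xmlrpc.client.loads(body)
    except (xmlrpc.client.Error, ExpatError):
        return []
    if len(params) == 1 and isinstance(params[0], list):
        return [m for m in params[0] if isinstance(m, str)]
    return []

def triage(status, body):
    """Classify one response: 'confirmed', 'word-match-only' or 'no-match'."""
    if not module_match(status, body):
        return "no-match"
    methods = set(parse_methods(body))
    return "confirmed" if methods.issuperset(REQUIRED) else "word-match-only"

# Constructed sample responses (not captured from any real site).
LISTING = xmlrpc.client.dumps(
    (["system.multicall", "system.listMethods",
      "demo.sayHello", "demo.addTwoNumbers"],),
    methodresponse=True)
MENTION = ("<html><body>Docs: system.multicall, system.listMethods "
           "and demo.sayHello</body></html>")
FAULT = xmlrpc.client.dumps(
    xmlrpc.client.Fault(405, "XML-RPC services are disabled"),
    methodresponse=True)

if __name__ == "__main__":
    samples = [("listing", 200, LISTING), ("mention", 200, MENTION),
               ("fault", 200, FAULT), ("not found", 404, LISTING)]
    for name, status, body in samples:
        print(f"{name:10s} -> {triage(status, body)}")
```

A "word-match-only" result means the module's conditions were satisfied by text that is not a parsed method listing, so the finding should be verified by hand before it is recorded.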

Module preview

Concurrent Requests (1)
1. HTTP Request template
POST /xmlrpc.php
Matching conditions
status: 200 and
word: system.multicall, system.listMethods, de...
Passive global matcher
No matching conditions.
On match action
Report vulnerability