By kannthu
The "Wordpress XML-RPC List System Methods" module detects the presence of certain system methods in the XML-RPC interface of a WordPress website. It targets WordPress installations that have XML-RPC functionality enabled. The module is informative in nature, providing insight into the available system methods and their potential impact.
Author: 0ut0fb4nd
Severity: Informative
This module does not have a direct impact on the security of the WordPress website. It simply lists the system methods available through the XML-RPC interface. However, the presence of certain system methods may indicate potential vulnerabilities or misconfigurations that could be exploited by attackers.
The module sends a POST request to the "/xmlrpc.php" endpoint of the WordPress website. It then checks the response for specific conditions:
- The response status code must be 200.
- The response body must contain the following words: "system.multicall", "system.listMethods", and "demo.sayHello".
If these conditions are met, the module considers the system methods to be present and reports them as part of the scan results.
Example HTTP request:
POST /xmlrpc.php
The module does not perform any further actions or exploit any vulnerabilities. It simply provides information about the available system methods through the XML-RPC interface.
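The matching conditions described above can be reproduced offline when auditing a site you administer. The following is an added example, not the module's own code: the request body (a plain system.listMethods call), the function names, and all sample responses are assumptions constructed here. It also shows that a word match alone can fire on a body that is not a method list, which a structured parse catches.

```python
import xmlrpc.client
from xml.parsers.expat import ExpatError

# Words the module requires in the response body (taken from the page).
REQUIRED_WORDS = ("system.multicall", "system.listMethods", "demo.sayHello")

def build_request_body():
    """Assumed body for POST /xmlrpc.php: a plain system.listMethods call."""
    return xmlrpc.client.dumps((), methodname="system.listMethods")

def module_matches(status, body):
    """The module's conditions: status 200 and every word present in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)

def list_methods(body):
    """Return the sorted method names in a methodResponse, or [] if the body is
    a fault or not XML-RPC. Use on responses from sites you administer:
    xmlrpc.client is not hardened against maliciously constructed XML."""
    try:
        params, _ = xmlrpc.client.loads(body)
    except (xmlrpc.client.Error, ExpatError):
        return []
    if len(params) != 1 or not isinstance(params[0], list):
        return []
    return sorted(m for m in params[0] if isinstance(m, str))

def confirmed(status, body):
    """Stricter check: the words must be real entries in the parsed method list."""
    return module_matches(status, body) and set(REQUIRED_WORDS) <= set(list_methods(body))

# Constructed sample data (not captured from a real site).
SAMPLE_METHODS = ["system.multicall", "system.listMethods", "system.getCapabilities",
                  "demo.sayHello", "demo.addTwoNumbers", "wp.getUsersBlogs"]
SAMPLE_BODY = xmlrpc.client.dumps((SAMPLE_METHODS,), methodresponse=True)
FAULT_BODY = xmlrpc.client.dumps(
    xmlrpc.client.Fault(405, "XML-RPC services are disabled on this site."),
    methodresponse=True)
TEXT_BODY = "Docs page mentioning system.multicall, system.listMethods, demo.sayHello"

if __name__ == "__main__":
    cases = [("sample", SAMPLE_BODY), ("fault", FAULT_BODY), ("text", TEXT_BODY)]
    for name, body in cases:
        print(name, module_matches(200, body), confirmed(200, body), list_methods(body))
```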