Wordpress XMLRPC.php username and password Bruteforcer

By kannthu

High
Vidoc Module
#wordpress #php #xmlrpc #fuzz
Description

What is the "Wordpress XMLRPC.php username and password Bruteforcer"?

The "Wordpress XMLRPC.php username and password Bruteforcer" module is designed to detect vulnerabilities in WordPress websites that have the XML-RPC functionality enabled. It focuses on brute-forcing usernames and passwords through the xmlrpc.php file, which is commonly targeted by attackers.

This module is rated high severity: a match indicates a significant risk to the security of the WordPress website.

Author: Exid

Impact

If this module detects a vulnerability, it means that an attacker could potentially gain unauthorized access to the WordPress website by guessing valid usernames and passwords. This can lead to various malicious activities, such as defacement, data theft, or even complete control over the website.

How does the module work?

The module sends a POST request to the xmlrpc.php file, attempting to authenticate using different combinations of usernames and passwords. Here is a simplified example of the request:

POST /xmlrpc.php HTTP/1.1
Host: <Hostname>
Content-Length: 235

<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
  <methodName>wp.getUsersBlogs</methodName>
  <params>
    <param>
      <value><username></value>
    </param>
    <param>
      <value><password></value>
    </param>
  </params>
</methodCall>

The module then checks the response for specific conditions to determine if the authentication was successful. It looks for a response with a status code of 200 and specific keywords in the response body, such as "url," "xmlrpc," or "isAdmin."

If all the matching conditions are met, the module reports a vulnerability, indicating that the website is susceptible to brute-force attacks through the xmlrpc.php file.

For more information, you can refer to the following references:

- https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c
- https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/

Metadata: max-

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
status: 200 and
word: url, xmlrpc, isAdmin
Passive global matcher
No matching conditions.
On match action
Report vulnerability