XMLRPC Pingback SSRF

By kannthu

Severity: High
Vidoc Module
Tags: #xmlrpc #hackerone #ssrf #generic
Description

What is the "XMLRPC Pingback SSRF" module?

The "XMLRPC Pingback SSRF" module is a test case designed to detect a server-side request forgery (SSRF) vulnerability in XML-RPC pingback functionality. This module targets systems that use XML-RPC pingback and have a potential SSRF vulnerability. The severity of this vulnerability is classified as high.

Impact

A server-side request forgery (SSRF) vulnerability allows an attacker to make requests from the vulnerable server to other internal or external resources. In the case of the "XMLRPC Pingback SSRF" module, an attacker could potentially exploit this vulnerability to perform unauthorized actions, such as accessing internal resources or launching attacks against other systems.

How does the module work?

The "XMLRPC Pingback SSRF" module works by sending a POST request to the "/xmlrpc/pingback" endpoint with a specific XML payload. The payload includes a URL parameter that represents the interaction URL. The module then checks if the response contains the "http" protocol, indicating a potential SSRF vulnerability.

Here is an example of the HTTP request sent by the module:

POST /xmlrpc/pingback HTTP/1.1
Host: {%Hostname%}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param>
<value>http://{%InteractionURL%}</value>
</param>
</params>
</methodCall>

The module also includes a matching condition that checks if the response contains the "http" protocol. If the condition is met, the module will report the vulnerability.
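A defender-side counterpart to the request above, as an added example that is not part of the Vidoc module: it parses a pingback.ping body and refuses URL parameters that are not http(s) or that resolve to non-public addresses before the server fetches them. The names pingback_urls and is_safe_target and the sample body's address are assumptions made for illustration.

```python
import ipaddress
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Added example (hypothetical helper names). Constructed body modelled on the page's request:
SAMPLE_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param><value>http://10.0.0.5:8080/status</value></param>
</params>
</methodCall>"""


def pingback_urls(body):
    """Return the string parameters of a pingback.ping call ([] for other methods)."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTDs are not accepted in XML-RPC bodies")
    root = ET.fromstring(body)
    if (root.findtext("methodName") or "").strip() != "pingback.ping":
        return []
    urls = []
    for value in root.iterfind("params/param/value"):
        # XML-RPC allows <value>text</value> and <value><string>text</string></value>.
        urls.append((value.findtext("string") or value.text or "").strip())
    return urls


def is_safe_target(url, resolve=socket.getaddrinfo):
    """True only if url is http(s) and every address it resolves to is public."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        infos = resolve(parts.hostname, parts.port or 80)
    except (OSError, ValueError):
        return False
    for info in infos:
        # Drop any IPv6 zone id ("fe80::1%eth0") before classifying the address.
        ip = ipaddress.ip_address(info[4][0].split("%")[0])
        if not ip.is_global:  # loopback, RFC 1918, link-local, reserved, ...
            return False
    return bool(infos)


if __name__ == "__main__":
    for url in pingback_urls(SAMPLE_BODY):
        print(url, "->", "fetch" if is_safe_target(url) else "reject")
```

The fetch that follows must connect to the address that was validated and re-check any redirect target, otherwise a second DNS lookup or a redirect can still reach an internal host.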

Module preview

Concurrent Requests (1)
1. HTTP Request template: Raw request
   Matching conditions: word: http
Passive global matcher: No matching conditions.
On match action: Report vulnerability