XML-RPC come default enable all WordPress version therefore you should read this article.
First, We will use wpscan utilize for detect.
You should write your victim address instead of www.example.com
wpscan --url www.example.com --enumerate p
We have just detected xmlrpc.php. We need to check this page work or not.
I will use Burp for check page and attack method.
Before use Burp, you need adjust proxy settings. My proxy settings like that, I listen IP address 127.0.0.1 and 8080 port.
When we intercepted , we need sen to Repeater.
Our Request and Response like that so We could access this page. Let’s try some attack method. There is many method for this page. I will show a method or verify vulnerability.
First, We change request method. We need to post request.
Method has just changed.
We will list all method. We should add this commands below.
We have found some methods. We can try ping method.
<methodCall> <methodName>pingback.ping</methodName> <params><param> <value><string>targetadres:port</string></value> </param><param><value><string>your vuln wordpres ip adres</string> </value></param></params> </methodCall
Method will work , you need ajdust set ip address.
How could you prevent from this attack ?
There is easy solve for this.
First connect to FTP server than find file .htaccess and we will add this lines end of file.
# BEGIN Disable XML-RPC.PHP <Files xmlrpc.php> Order Deny,Allow Deny from all </Files> # END Disable XML-RPC.PHP
Let’s try reach /xmlrpc.php. Page won’t work.