Go for the public, known bug bounties and earn your respect within the community. Test only where you are allowed to do so. I would like to add that any illegal action is your own, and I cannot be held responsible for your actions against a vulnerable target. Note that in this tutorial/cheatsheet the domain “” is an example and can be replaced with your specific target.

Unfortunately, on a normal installation of WordPress (settings and configs not tampered with), the XML-RPC interface opens two kinds of attacks:

According to the WordPress documentation ( ), XML-RPC functionality has been turned on by default since WordPress 3.5.

an image for a post)

For instance, the Windows Live Writer system is capable of posting blogs directly to WordPress because of XML-RPC.

The XML-RPC API that WordPress provides offers several key functionalities, which include:

XML-RPC on WordPress is an API that allows developers of third-party applications and services to interact with your WordPress site.