Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneHappykira0x1H1:1575401
HistoryMay 19, 2022 - 9:29 a.m.

Yelp: xmlrpc file enabled

2022-05-1909:29:41
happykira0x1
hackerone.com
23
yelp
xmlrpc
security vulnerability
xspa
bruteforce
dos
restaurants.
JSON

Summary:

Hello team,
I have found a security vulnerability in ** restaurants.yelp.com/xmlrpc.php** which lets attacker to:
1: XSPA or PortScan
2: Bruteforce
3:DOS and much more

Platform(s) Affected:

https://restaurants.yelp.com

Steps To Reproduce:

1: Go to https://restaurants.yelp.com/xmlrpc.php to check if it is enabled or not. so the server altought respons with 403 error but the xmplrpc is enabled just the error because The following request requires permissions for some Boths.

Supporting Material/References:

     Reference:

https://medium.com/@the.bilal.rizwan/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32
https://medium.com/@protector47/how-to-hack-wordpress-website-via-xmlrpc-php-61c813fa3740
https://hackerone.com/reports/325040?fbclid=IwAR0qgG-Xfzfi8epruslb_aB91f-Nj8DitF0su8O9ibFKSFdvefJ8h_qWNyc
https://hackerone.com/reports/752073?fbclid=IwAR2i3AM4woHlr01MvyJR-Vu485XQg_gxb1doWmAhSBTfxPK9cUSRFxO2iFo

Impact

This method is also used for brute force attacks to stealing the admin credentials and other important credentials
This can be automated from multiple hosts and be used to cause a mass DDOS attack on the victim.

JSON