
130 matches found

Metasploit
added 2019/07/26 12:42 a.m., 95 views

Windows x64 Pingback, Reverse TCP Inline

Connect back to attacker and report UUID Windows x64 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 425 include Msf::Payload::Windows include Msf::Payload::Single include...

7.3 AI score
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m., 59 views

Python Pingback, Bind TCP (via python)

Listens for a connection from the attacker, sends a UUID, then terminates. module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Python include Msf::Payload::Pingback include Msf::Payload::Pingback::Options def initialize(info = {}) super(merge_info(info, 'Name' ...

6.8 AI score
Exploits 0
OSV
added 2019/06/21 7:15 p.m., 14 views

CVE-2019-10718

BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs...

7.5 CVSS, 6.8 AI score, 0.02657 EPSS
Exploits 5, References 2
Packet Storm
added 2019/06/20 12:0 a.m., 227 views

BlogEngine.NET 3.3.6 / 3.3.7 XML Injection

Exploit Title: Out-of-band XML External Entity Injection on BlogEngine.NET Date: 19 June 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10718 1. Description ============== BlogEngine.NET is vulnerable to an Out-of-Band...

7.6 AI score, 0.02657 EPSS
Exploits 5
Hacker One
added 2018/09/06 8:42 a.m., 12 views

U.S. Dept Of Defense: SSRF on ████████

Summary: The web application hosted on the "███████" domain is affected by a Server Side Request Forgery (SSRF) vulnerability that could allow an attacker to force the application to make requests to arbitrary targets. Description: The affected handler is the "/xmlrpc/pingback/". This handler...

0.2 AI score
Exploits 0
0day.today
added 2018/06/26 12:0 a.m., 99 views

Liferay Portal < 7.0.4 - Server-Side Request Forgery Vulnerability

Exploit for java platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686 0day.today 2018-06-26...

0.1 AI score
Exploits 0
exploitpack
added 2018/06/26 12:0 a.m., 22 views

Liferay Portal 7.0.4 - Server-Side Request Forgery

Liferay Portal 7.0.4 - Server-Side Request Forgery 1. ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...

0.3 AI score
Exploits 0
Exploit DB
added 2018/06/26 12:0 a.m., 106 views

Liferay Portal < 7.0.4 - Server-Side Request Forgery

ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...

7.4 AI score
Exploits 0
Check Point Advisories
added 2016/06/13 12:0 a.m., 2 views

WordPress Pingback Denial Of Service

The WordPress XML-RPC pingback mechanism is used to link a blog to another. This mechanism can be exploited to execute a distributed denial of service (DDoS) attack either on the vulnerable website or to force the website to take part in a DDoS attack on a third party...

3.3 AI score
Exploits 0
Hacker One
added 2016/03/17 8:56 p.m., 23 views

Veris: Wordpress Pingback DDoS Attacks in domain: veris.in

Hi team, Wordpress blogs that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. The website veris.in has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. PoC: ==== In...

Exploits 0
Hacker One
added 2015/10/28 8:5 a.m., 86 views

withinsecurity: DDOS using xmlrpc.php

Wordpress blogs that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. The blog at withinsecurity.com has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. In order to...

7 AI score
Exploits 0
The Hacker News
added 2015/01/29 11:53 p.m., 243 views

GHOST glibc Vulnerability Affects WordPress and PHP applications

After the disclosure of the extremely critical GHOST vulnerability in the GNU C library (glibc) — a widely used component of most Linux distributions, security researchers have discovered that PHP applications, including the WordPress Content Management System (CMS), could also be affected by the bug...

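10 CVSS, 8.2 AI score, 0.94859 EPSS
Exploits 29
seebug.org
added 2014/08/08 12:0 a.m., 59 views

Drupal /xmlrpc.php Denial of Service Vulnerability PoC

As early as December 17, 2012, WordPress, a well-known PHP-based blogging application, was revealed to contain a serious vulnerability that covers all released versions of WordPress (including WordPress 3.8.1). Scanning tools for this WordPress vulnerability have also been published on many forums and websites. The tools can use the WordPress vulnerability to scan, and can also launch DDoS attacks. Testing shows that the vulnerability affects all versions in which the xmlrpc.php file is present. Pingback is one of three types of linkbacks, a way of notifying an author when someone links to or misappropriates the author's article. It lets authors learn about and track how their articles are being linked to or reposted. Some of the world's most popular blog systems, such as...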

7.2 AI score
Exploits 0
WPVulnDB
added 2014/08/01 10:58 a.m., 11 views

WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues

...

2.1 AI score
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2014/08/01 10:58 a.m., 65 views

WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning

...

6.4 CVSS, 1.7 AI score, 0.28857 EPSS
Exploits 3, References 1, Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m., 14 views

WordPress 1.x/2.0.x Pingback SourceURI Denial of Service and Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22220/info WordPress is prone to a denial-of-service vulnerability and an information-disclosure vulnerability. Attackers can exploit these issues to consume memory and bandwidth resources, denying service to legitimate...

7.1 AI score
Exploits 0
myhack58
added 2014/04/11 12:0 a.m., 37 views

WordPress XML-RPC PingBack vulnerability analysis-vulnerability warning-the black bar safety net

A recent article outlines how to use the WordPress XML-RPC pingback function for DDoS attacks. This article analyzes the attack and gives site administrators information to protect their websites. This is not a new vulnerability WordPre...

0.1 AI score
Exploits 0
myhack58
added 2014/04/09 12:0 a.m., 34 views

WordPress XML-RPC PingBack vulnerability analysis-vulnerability warning-the black bar safety net

This is not a new vulnerability. The WordPress XML-RPC API is not newly launched. The following is WordPress bug data from seven years ago. Although the vulnerability is not new, the attack code/tools have appeared only in the past two years. Tools for script kiddies...

0.2 AI score
Exploits 0
Check Point Advisories
added 2014/03/20 12:0 a.m., 0 views

WordPress Pingback Distributed Denial of Service

The XMLRPC Pingback function in WordPress can be used to force WordPress servers into sending HTTP requests to other servers. Remote attackers can leverage this function to conduct DDoS attacks by sending specially crafted HTTP requests to legitimate WordPress servers...

6.9 AI score
Exploits 0
ThreatPost
added 2014/03/12 4:13 p.m., 27 views

162,000 WordPress Sites Used in DDoS Attack

More than 162,000 “popular and clean” WordPress sites were recently used in a large-scale distributed denial of service (DDoS) attack that exploited the content management system’s pingback feature. While the WordPress team is aware of the issue it’s not expected to be patched as it’s a default...

7.1 AI score
Exploits 0, References 4