101 matches found
withinsecurity: DDOS using xmlrpc.php
WordPress blogs that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made part of a huge botnet causing a major DDOS. The blog at withinsecurity.com has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. In order to...
xmlrpc.php Library <= 1.3.0 - Remote Command Execute Exploit (2)
No description provided by source.
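WordPress 3.8.1 /xmlrpc.php Denial-of-Service Vulnerability
WordPress is a content management system. The /xmlrpc.php file in WordPress 3.8.1 can ping other hosts; this feature can be used to send requests to multiple sites and DDoS other websites. WordPress 3.8.1: no detailed solution is currently available: http://www.wordpress.org...
WordPress 3.8.1 /xmlrpc.php Denial-of-Service Vulnerability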
No description provided by source...
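emlog 5.0.1 xmlrpc.php Backdoor Vulnerability
emlog is a popular personal blogging system. Version 5.0.1 contains a backdoor file, which an attacker can use to take control of the website. emlog 5.0.1...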
WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery
The WordPress install hosted on the remote web server is affected by a server-side request forgery vulnerability because the 'pingback.ping' method used in 'xmlrpc.php' fails to properly validate source URIs (Uniform Resource Identifiers). A remote, unauthenticated attacker can exploit this issue t...
XML-RPC PingBack API Remote DoS Exploit (through xmlrpc.php)
Exploit for php platform in category dos / poc. Exploit Title: XML-RPC PingBack API Remote Denial of Service exploit through xmlrpc.php. Date: 04/01/2013. Category: Remote Exploit. Author: D35m0nd142. Tested on: Debian Linux. #!/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common; use...
FreePost 0.1 R1 Cross Site Scripting and Remote Command Execution
Exploit for php platform in category web applications
SQL injection
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897...
CVE-2007-3140
CVE-2007-3140 : SQL injection in WordPress 2.2 affecting the xmlrpc.php module. The vulnerability arises in the XML-RPC method wp.suggestCategories, where an input value is not properly sanitized and can be exploited by an authenticated user to execute arbitrary SQL commands. Exploitation notes i...
WordPress <= 2.2 - SQL Injection
Because of this vulnerability in xmlrpc.php, authenticated users can execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall. Solution: Update WordPress...
wp22xmlrpc-sql.txt
/* The bug, a rather silly one by the way, is in the function wpsuggestCategories, in the file xmlrpc.php: function wpsuggestCategories($args) { global $wpdb; $this->escape($args); $blogid = (int) $args[0]; $username = $args[1]; $password = $args[2]; $category = $args[3]; $maxresults = $args[4];...
WordPress 2.2 - xmlrpc.php SQL Injection
WordPress 2.2 - xmlrpc.php SQL Injection /* The bug, a rather silly one by the way, is in the function wpsuggestCategories, in the file xmlrpc.php: function wpsuggestCategories($args) { global $wpdb; $this->escape($args); $blogid = (int) $args[0]; $username = $args[1]; $password = $args[2]; $category =...
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection
/* The bug, a rather silly one by the way, is in the function wpsuggestCategories, in the file xmlrpc.php: function wpsuggestCategories($args) { global $wpdb; $this->escape($args); $blogid = (int) $args[0]; $username = $args[1]; $password = $args[2]; $category = $args[3]; $maxresults = $args[4];...
Design/Logic Flaw
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publishposts functionality, which can be used to "publish a previously saved post."...
WordPress < 2.1.3 'xmlrpc.php' SQLi
Binary data 3959.prm...
XOOPS <= 2.0.11 xmlrpc.php SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================ XOOPS 0 print qq\b\b DONE --------------------------------------------------------------- USER NAME : $name USER HASH : $allchar ----------------...
xmlrpc.php Library <= 1.3.0 Remote Command Execute Exploit (2)
No description provided by source.
XOOPS 2.0.11 - xmlrpc.php SQL Injection
XOOPS 2.0.11 - xmlrpc.php SQL Injection #!/usr/bin/perl Xoops 0 print qq\b\b DONE --------------------------------------------------------------- USER NAME : $name USER HASH : $allchar --------------------------------------------------------------- ; else print "\b\b FAILED "; exit; else...
XOOPS 2.0.11 - 'xmlrpc.php' SQL Injection
#!/usr/bin/perl Xoops 0 print qq\b\b DONE --------------------------------------------------------------- USER NAME : $name USER HASH : $allchar --------------------------------------------------------------- ; else print "\b\b FAILED ";...