Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28874
HistoryDec 18, 2012 - 12:00 a.m.

Wordpress Pingback Port Scanner

2012-12-1800:00:00
vulners.com
435
JSON

Hi folks,
Wordpress 3.5 has it's XML-RPC Interface enabled by default. See here for more information:
http://www.ethicalhack3r.co.uk/security/introduction-to-the-wordpress-xml-rpc-api/
http://codex.wordpress.org/Version_3.5#Settings

I read through the article and took a look at the Pinback API since it is public available on many Wordpress installations.
The cool thing is: you can do a port scan using the Pingback API
You can even scan the server itself or discover some hosts on the internal Network this server is on.
So i wrote this little Ruby Script to utilize this "feature":

https://github.com/FireFart/WordpressPingbackPortScanner

You can even use multiple Wordpress XML-RPC Interfaces to scan a single host so this can be some kind of distributed port scanning.

Chris

JSON