Skip to content

ykankaya/Wordpress-XMLRPC-Brute-Force-Exploit

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 Last Updated: 20170215 https://crowdshield.com

ABOUT: This is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress (3.5.1). The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.

USAGE: ./wp-xml-brute http://target.com/xmlrpc.php passwords.txt username1 [username2] [username3]...

About

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%