xmlrpc.php is a legacy feature used for pingbacks and remote posting. It is often enabled by default.
HackTricks details how to identify a WordPress site and its components, including the core version, active plugins, and themes, through path analysis (e.g., /wp-content/plugins/) and files like readme.txt. Common attack vectors:
For those looking to secure their sites, the official HackTricks WordPress page serves as both an offensive playbook and a defensive checklist.
curl -I https://veridianhome.com
xmlrpc.php can be used to make the WordPress site attack a third party (DDoS amplification) via the pingback.ping method.
If you dump credentials from wp-config.php, you can connect to the database directly.
This often returns a JSON list of registered users, including their IDs and usernames (slugs).
Attackers often try to find valid usernames to facilitate brute-force attacks. This can be done via the JSON API (accessing /wp-json/wp/v2/users) or via author archives (appending ?author=1 to the root URL).
curl -s -I https://target.com/?author=1 | grep Location # Location: https://target.com/author/admin/