This scripts aims to perform SSRF in in PingBack vulnerability (abusing the WordPress xmlrpc.php file exposure).
- Clone the repository:
git clone 'https://github.com/rodrigocolozio/pingbackToSSRF.git'
- Change directory to where you've cloned it
- chmod +x pingback-ssrf.py
- Run it:
python3 pingback-ssrf.py
python3 pingback-ssrf.py --target_url https://domain.com/xmlrpc.py --blog_url https://domain.com/blog/post --IP 172.26.3.
PS.: IP argument must include the last dot as the example above
This is an open-source project, and contributions are welcome. Feel free to fork the repository, make improvements, and submit pull requests. Your feedback and collaboration help enhance the pentest-image for the entire community.