Hi hackers, welcome back to my new article. Why am I writing this story? The reason is that I have completed my WordPress testing on the target website. I don't have knowledge about WP testing, but by doing some research I found this vulnerability, which is the xmlrpc.php file.
I will explain everything about the /xmlrpc.php file.
XML-RPC on WordPress is actually an API. It gives developers a way to communicate with the WordPress website. It helps to:
- Publish a post
- Edit a post
- Delete a post
- Upload a new file
- Get a list of comments
- Edit comments

The main weaknesses associated with XML-RPC are:
Attackers try to log in to WordPress using xmlrpc.php (brute-force attack).
1. This is what you originally see when you try to open the xmlrpc.php file located at http://<targetWebSite.com>/<wordpress directory>/xmlrpc.php
2. Open your proxy (I am using Burp) and resend the request.
3. The first thing to do now is send a POST request and list all the available methods. Why? Because that's how we'll know which actions are even possible to make and…