wordpress xmlrpc pingback exploit
Because WordPress is widely used by webmasters and bloggers, any exploitable vulnerability in the WordPress suite can cause massive headaches across the Internet. In this case, the exploited feature is referred to as a "pingback."
All default installations of WordPress 3.5 come with the vulnerable feature enabled. A simple POST to a specific file on an affected WordPress server is all that is required to exploit this vulnerability. No special tools are required; a simple curl command is enough. The WordPress XML-RPC pingback feature has been abused to DDoS target sites, using legitimate but vulnerable WordPress sites as unwilling participants.
"The pingback feature in WordPress can be accessed through the xmlrpc.php file," Larry wrote. "One of the methods available in this API is the pingback.ping function. This function takes two parameters, the source URI and the target URI. With this function, other WordPress blogs can announce pingbacks."
He added:
When WordPress processes pingbacks, it attempts to resolve the URL supplied to this function; if it succeeds, it will make a request to the URL specified and check the response for a link to a certain WordPress blog post. If it finds a link, it will publish a comment on that blog post noting that this blog post was mentioned in their blog.
Essentially this is an open proxy allowing any malicious user to use a WordPress site to direct layer seven attacks at a target. This can also be abused to target internal systems if the web server is hosted on an internal network. Adversaries can attempt to enumerate internal services and systems by specifying RFC1918 addresses and ports as target URLs. They can also change the configuration on certain web-enabled devices by placing login credentials in the target URL.
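The two defender-side pieces that follow from the description above, as an added example that is neither part of this gist nor WordPress's own code: first, the target-URL check a pingback handler should apply before fetching anything, rejecting the RFC1918, loopback and other non-public destinations, non-HTTP schemes and embedded credentials that the quoted text says an adversary would supply; second, a small log-side detector for the reflected flood a target site sees, keyed on the "verifying pingback from <ip>" suffix WordPress appends to its user-agent when it verifies a pingback (confirm the exact form in your own logs). The access-log lines, blog names and addresses are constructed for this example, and the `resolve` parameter is an injectable stand-in for DNS so the check runs offline.

```python
"""Defender-side checks for WordPress pingback.ping abuse (example code).

validate_pingback_target(): the kind of filter a pingback handler should
apply to the target URI before fetching it.
count_pingback_verifications(): tallies pingback-verification requests in
an access log by reflecting blog and by the IP that triggered them.
"""
import ipaddress
import re
import socket
from collections import Counter
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}  # design choice: plain web ports only


def _resolve(host):
    """Default resolver: every address (v4 and v6) the host maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_pingback_target(url, resolve=_resolve):
    """Return (ok, reason). ok is True only for a public HTTP(S) target.

    `resolve` is injectable so tests can run without DNS; in production the
    address checked here must be the one the fetch actually connects to,
    otherwise a DNS rebinding answer can bypass the check.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.port is not None and parts.port not in ALLOWED_PORTS:
        return False, "port %d not allowed" % parts.port
    try:
        addrs = {ipaddress.ip_address(host)}  # IP literal, incl. [::1]
    except ValueError:
        try:
            addrs = {ipaddress.ip_address(a) for a in resolve(host)}
        except (socket.gaierror, ValueError) as exc:
            return False, "resolution failed: %s" % exc
    # is_global is False for RFC1918, loopback, link-local, CGNAT and the
    # other IANA special-purpose ranges, so one test covers the lot.
    for addr in addrs:
        if not addr.is_global:
            return False, "non-public address %s" % addr
    return True, "ok"


# Constructed combined-format log lines as seen by the flooded target:
# many GETs whose user-agent names the reflecting blog and the IP that
# submitted the pingback.ping call to it.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2014:12:00:01 +0000] "GET /?p=1 HTTP/1.1" 200 512 "-" "WordPress/3.5; http://blog-a.example; verifying pingback from 198.51.100.7"
203.0.113.11 - - [10/Mar/2014:12:00:01 +0000] "GET /?p=1 HTTP/1.1" 200 512 "-" "WordPress/3.5.1; http://blog-b.example; verifying pingback from 198.51.100.7"
203.0.113.10 - - [10/Mar/2014:12:00:02 +0000] "GET /?p=2 HTTP/1.1" 200 512 "-" "WordPress/3.5; http://blog-a.example; verifying pingback from 198.51.100.7"
192.0.2.5 - - [10/Mar/2014:12:00:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

PINGBACK_UA = re.compile(
    r'"WordPress/[^;"]+; (?P<blog>[^;"]+); verifying pingback from (?P<origin>[^"]+)"'
)


def count_pingback_verifications(log_text):
    """Return (hits per reflecting blog, hits per originating IP)."""
    by_blog, by_origin = Counter(), Counter()
    for line in log_text.splitlines():
        m = PINGBACK_UA.search(line)
        if m:
            by_blog[m.group("blog")] += 1
            by_origin[m.group("origin")] += 1
    return by_blog, by_origin


if __name__ == "__main__":
    for u in ("http://10.0.0.5/admin", "http://admin:pw@192.168.1.1/login",
              "http://8.8.8.8/post/1"):
        print(u, validate_pingback_target(u))
    blogs, origins = count_pingback_verifications(SAMPLE_LOG)
    print("reflectors:", dict(blogs))
    print("originating IPs:", dict(origins))
```

The `by_origin` tally is the more useful one for a target site: every reflecting blog reports the same originating IP in its user-agent, so a flood from hundreds of blogs still collapses to a handful of origins worth blocking upstream, while the `by_blog` tally gives the list of sites whose owners need to be told their XML-RPC endpoint is being abused.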