phpxmlsecurityxml-rpc

Xmlrpc is vulnerable to xxe attack?


May be this is out of the topic but it is important aspect for me, so i am now asking to you guys,

I have a website contains the xmlrpc.php file then Is it vulnerable to the xxe attack like if any one can pull out all the methods by using the system.listMethods. Hope you understand what i am talking about. How an attacker can exploit it?

Thank you.


Solution

  • In default settings, XMLRPC is not vulnerable in Java and Python against XXE attacks. You can check it here; http://www.securiteam.com/securitynews/6D0100A5PU.html