About this tool

The GHOST vulnerability scanner attempts to find servers vulnerable to CVE-2015-0235, also known as the GHOST vulnerability, in glibc <= 2.18. The bug can be detected remotely through WordPress, whose XML-RPC interface is used to trigger the vulnerability.

The vulnerability was categorised as highly critical because it could lead to remote code execution on the affected server. A public exploit exists for this vulnerability; however, it targets the Exim mail server. Exploitation for other platforms is considered difficult.


  • WordPress site: This is the URL of the WordPress installation which will be used to trigger and verify the bug.

How it works

The scanner sends a pingback request to the XML-RPC interface of WordPress (xmlrpc.php) using a long hostname parameter. If the server is vulnerable, it will respond with a 500 error code or with an abrupt connection close.

The normal functionality of the server is not affected by this scan.
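
The 500 response described under "How it works" is also visible from the server side. The following is an added example, not part of the scanner or the original page: it lists POST requests to xmlrpc.php that were answered with HTTP 500 in a web server access log, grouped by client IP. It assumes the Combined Log Format, uses constructed sample lines, and does not cover the abrupt-connection-close case; a 500 on xmlrpc.php can have other causes, so matches are leads to investigate.

```python
import re
from collections import Counter

# Combined Log Format (assumed): ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Jan/2015:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 500 0 "-" "-"
198.51.100.7 - - [28/Jan/2015:10:01:03 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 500 0 "-" "-"
203.0.113.9 - - [28/Jan/2015:10:02:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.9 - - [28/Jan/2015:10:02:11 +0000] "GET /index.php HTTP/1.1" 500 1200 "-" "-"
192.0.2.44 - - [28/Jan/2015:10:03:00 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 500 0 "-" "-"
not a log line
"""


def is_xmlrpc(path):
    """True when the request path (query string ignored) ends in /xmlrpc.php."""
    return path.split("?", 1)[0].lower().endswith("/xmlrpc.php")


def find_xmlrpc_500s(log_text):
    """Return parsed entries for POSTs to xmlrpc.php answered with HTTP 500."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        if m["method"] == "POST" and is_xmlrpc(m["path"]) and m["status"] == "500":
            hits.append(m.groupdict())
    return hits


def hits_by_source(log_text):
    """Count matching requests per client IP to see who triggered the errors."""
    return Counter(h["ip"] for h in find_xmlrpc_500s(log_text))


if __name__ == "__main__":
    for ip, n in hits_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} POST xmlrpc.php -> 500")
```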