xmlrpc file enabled

Low
Yelp
Reported by happykira0x1

Vulnerability Details

Technical details and impact analysis

Information Disclosure
## Summary

Hello team, I have found a security vulnerability in **restaurants.yelp.com/xmlrpc.php** which lets an attacker:

1. XSPA or port scan
2. Brute force
3. DoS

and much more.

## Platform(s) Affected

https://restaurants.yelp.com

## Steps To Reproduce

1. Go to https://restaurants.yelp.com/xmlrpc.php to check whether it is enabled or not. Although the server responds with a 403 error, xmlrpc is enabled; the error only appears because the following request requires permissions for some Boths.

## Supporting Material/References

Reference:

- https://medium.com/@the.bilal.rizwan/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32
- https://medium.com/@protector47/how-to-hack-wordpress-website-via-xmlrpc-php-61c813fa3740
- https://hackerone.com/reports/325040?fbclid=IwAR0qgG-Xfzfi8epruslb_aB91f-Nj8DitF0su8O9ibFKSFdvefJ8h_qWNyc
- https://hackerone.com/reports/752073?fbclid=IwAR2i3AM4woHlr01MvyJR-Vu485XQg_gxb1doWmAhSBTfxPK9cUSRFxO2iFo

## Impact

This method is also used for brute-force attacks to steal the admin credentials and other important credentials. This can be automated from multiple hosts and used to cause a mass DDoS attack on the victim.
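The defender-side fix for the exposure described in this report, added here as an example that is not part of the report and not Yelp's configuration: a WordPress must-use plugin that turns off XML-RPC and removes the methods the three listed attack classes rely on. The plugin name and file location are assumptions; the filter names are WordPress core hooks.

```php
<?php
/**
 * Plugin Name: Harden XML-RPC (hypothetical example)
 * Install as wp-content/mu-plugins/harden-xmlrpc.php so it loads unconditionally.
 */

// 1. Brute force: 'xmlrpc_enabled' gates every method that performs a login
//    (wp.*, metaWeblog.*, blogger.*). Returning false makes them fail with
//    fault 405 before any credential is checked.
add_filter( 'xmlrpc_enabled', '__return_false' );

// 2. XSPA/port scan and DoS: pingback.ping needs no login, so it survives the
//    filter above. Remove it, and system.multicall, which lets one HTTP request
//    carry hundreds of calls, from the method table.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
    unset(
        $methods['pingback.ping'],
        $methods['pingback.extensions.getPingbacks'],
        $methods['system.multicall']
    );
    return $methods;
} );

// 3. Stop advertising the endpoint: drop the X-Pingback response header ...
add_filter( 'wp_headers', function ( array $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// ... and blank the pingback URL that themes print as <link rel="pingback">.
add_filter( 'bloginfo_url', function ( $output, $show ) {
    return ( 'pingback_url' === $show ) ? '' : $output;
}, 10, 2 );
```

After deploying, a `system.listMethods` call against `/xmlrpc.php` should no longer return `pingback.ping` or `system.multicall`, and responses should carry no `X-Pingback` header; a 403 from a front-end WAF alone does not prove the endpoint is off, which is the point the report makes.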

Report Details

Additional information and metadata

State

Closed

Substate

Duplicate

Submitted

Weakness

Information Disclosure