From da31d88a9f53e9fc524bf1443db8d0eea4ad285e Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Mon, 28 Feb 2022 13:38:21 -0500 Subject: [PATCH] Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs --- misconfiguration/proxy/metadata-openstack.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/misconfiguration/proxy/metadata-openstack.yaml b/misconfiguration/proxy/metadata-openstack.yaml index f5f729ae1f..7595ed67b6 100644 --- a/misconfiguration/proxy/metadata-openstack.yaml +++ b/misconfiguration/proxy/metadata-openstack.yaml @@ -1,11 +1,13 @@ id: metadata-service-openstack + # This attack abuses a misconfigured proxy that allows access to the metadata # IP or a name which resolves to the IP. A standard proxy request is made to -# the proxy using the full metadata URL, which the proxy will fulfull to its -# own metadata sevice. -# +# the proxy using the full metadata URL, which the proxy will fulfill to its +# own metadata service. + # The proxy may also be vulnerable to host/port enumeration on localhost or # inside the private network. + info: name: Openstack Metadata Service Check author: sullo @@ -36,4 +38,5 @@ requests: part: body words: - "vendor_data.json" -# Enhanced by cs on 2022/02/14 + +# Enhanced by cs on 2022/02/28