GitBook: [#3339] No subject

This commit is contained in:
CPol 2022-07-27 16:21:20 +00:00 committed by gitbook-bot
parent 9fd4c3d000
commit da8fe023ec
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -128,7 +128,7 @@ The **name** of the **interesting env variables** are:
* `AWS_SECRET_ACCESS_KEY`
* `AWS_ACCES_KEY_ID`
Moreover, in addition to IAM credentials, Lambda functions also have **event data that is passed to the function when it is started**. This data is made available to the function via the [runtime interface](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-api.html). Unlike IAM credentials, this data is accessible over standard SSRF at **`http://localhost:9001/2018-06-01/runtime/invocation/next`**.
Moreover, in addition to IAM credentials, Lambda functions also have **event data that is passed to the function when it is started**. This data is made available to the function via the [runtime interface](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-api.html) and could contain **sensitive** **information** (like inside the **stageVariables**). Unlike IAM credentials, this data is accessible over standard SSRF at **`http://localhost:9001/2018-06-01/runtime/invocation/next`**.
{% hint style="warning" %}
Note that **lambda credentials** are inside the **env variables**. So if the **stack trace** of the lambda code prints env vars, it's possible to **exfiltrate them provoking an error** in the app.
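Review bot: In the rewritten event-data paragraph, the parenthetical "(like inside the **stageVariables**)" does not say which events carry that field, and the split emphasis "**sensitive** **information**" should be a single bold span. Suggested wording: "and could contain **sensitive information** (for example, the `stageVariables` of an API Gateway proxy event)". Separately, the context line in this hunk still lists `AWS_ACCES_KEY_ID`; the variable is named `AWS_ACCESS_KEY_ID`, and since readers will search for these names verbatim it is worth correcting in the same change.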