". am I giving it enough time? On a recent assessment, I found an SSRF bug on an AWS server where I almost didn’t leak AWS temporary security credentials. During an initial investigation, I sent a “super” payload and saw a response in my PDF for the http://169.254.169.2…"
T1190 Exploit Public-Facing Application
57%
".mozilla.org/en-us/docs/web/http/basics_of_http/data_urls - The link to the BHIS logo was valid at the time this blog was written. For this technique, make sure you are using a URL to an existent image. - https://blog.checkpoint.com/security/aws-…"
T1552.005 Cloud Instance Metadata API
56%
"##simg = new image; jsimg.src = "https://{{your_burp_collab_url_here}}";'></img>"></img></body> Is the server that’s rendering my PDF cloud hosted? A classic attack for showing the impact of an SSRF is to leak AWS IAM temporary security cred…"
T1525 Implant Internal Image
52%
"//169.254.169.254/latest/meta-data/iam/security-credentials></iframe>"></img></body> The second request is to leak the security credentials. Copy the IAM role name from the PDF and add it to the snippet, below. <body><h1>proof that you signed…"
T1204.002 Malicious File
37%
"often found scripts containing cleartext credentials and secrets at the user-data endpoint. See the following for more ideas on how to pillage the AWS IMDS4. Are there any known vulnerabilities in the component that’s generating the PDF? Recently, I found an SSRF bug where th…"
Summary
If you’ve been on a website and noticed one of the following features, there’s a good chance you’ve stumbled upon a hot spot for server-side request forgery (SSRF) bugs: Before […]