HolyGhost logoHolyGhost

#aws

1 post

Analysis

From a URL Field to Cloud Keys: SSRF and the Metadata Endpoint

Server side request forgery turns a harmless looking URL input into a way to read a cloud instance's own credentials. Here is how the metadata endpoint becomes the prize, and why IMDSv2 changed the game.

12 min read·#ssrf#cloud#aws