Analysis
From a URL Field to Cloud Keys: SSRF and the Metadata Endpoint
Server side request forgery turns a harmless looking URL input into a way to read a cloud instance's own credentials. Here is how the metadata endpoint becomes the prize, and why IMDSv2 changed the game.
12 min read·#ssrf#cloud#aws