Server-Side Request Forgery (SSRF)
Your application fetches a URL. The user supplied it. Your server makes the request, follows the redirect, and returns the content. The URL pointed to http://169.254.169.254/latest/metadata/iam/security-credentials/production-role. Your application just handed the attacker your cloud credentials. SS
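A defensive check for the scenario above, as an added example that is not from the original article: it rejects any URL whose host resolves to a non-public address and re-validates every redirect hop before requesting it. The host name `img.example.test`, the sample public address, and the `resolve`/`send` callables are constructed stand-ins so the block runs offline.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

class BlockedURL(Exception):
    """Raised when a URL or redirect hop targets a non-public address."""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:   # e.g. ::ffff:169.254.169.254
        ip = ip.ipv4_mapped
    return not ip.is_global   # loopback, link-local, RFC 1918, reserved, ...

def validate(url, resolve):
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedURL(f"unsupported URL: {url}")
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]   # IP literal
    except ValueError:
        addrs = resolve(parts.hostname)
    if not addrs or any(is_internal(a) for a in addrs):
        raise BlockedURL(f"{parts.hostname} resolves to a non-public address")
    return addrs   # connect to one of these rather than resolving again

def safe_fetch(url, resolve, send, max_hops=3):
    for _ in range(max_hops + 1):
        validate(url, resolve)               # checked on every hop
        status, headers, body = send(url)    # send() must NOT follow redirects
        if status in (301, 302, 303, 307, 308) and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return status, body
    raise BlockedURL("too many redirects")

# Constructed sample data: a fake DNS table and fake HTTP responses.
DNS = {"img.example.test": ["93.184.216.34"]}
METADATA = ("http://169.254.169.254/latest/metadata/iam/"
            "security-credentials/production-role")
RESPONSES = {
    "http://img.example.test/logo.png": (200, {}, b"PNG"),
    "http://img.example.test/r": (302, {"Location": METADATA}, b""),
}

def fake_resolve(host):
    return DNS.get(host, [])

def fake_send(url):
    return RESPONSES[url]
```

In a real fetcher, `send` should connect to an address returned by `validate` so that a second DNS lookup cannot return a different, internal address.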
ORIGINAL SOURCE →via Dev.to