SSRF Bug Leads To AWS Metadata Exposure

How can you leverage an SSRF (“Server Side Request Forgery”) vulnerability to evade filters and leak internal AWS credentials on a web application? Today I will discuss how I managed to utilize a webpage screenshot feature to bypass certain filters and exfiltrate server side AWS Metadata.

Introduction

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Raymond Lind

Passionate Cybersecurity Professional and Advocate. A Love For Ethical Hacking, Bug Bounty Hunting, And Protecting All Technology.