Escalating SSRF to Accessing all user PII information by aws metadata
Hi, everyone
My name is Santosh Kumar Sha, I’m a security researcher from India(Assam). In this article, I will be describing how I was able to leaked all user PII information by SSRF AWS metadata exploitation.
I am now offering 1:1 sessions to share my knowledge and expertise:
SPECIAL COVID-19 Note:
Don’t go outside without any reason . Stay home be safe and also safe other. Special request to my fellow bug-bounty hunter Take care of your health .
TOOLS used for the exploitation
1. Subfinder (https://github.com/projectdiscovery/subfinder)
2. httpx (https://github.com/projectdiscovery/httpx)
3. gau(Corben) — https://github.com/lc/gau
4. waybackurls(tomnomnom) — https://github.com/tomnomnom/waybackurls.
Story Behind the bug:
This is the write of my Recent bug that i found . While I was doing recon for gathering all urls from internet archives using waybackurls and gau. So started fuzzing the for ssrf vulnerability and found one but there was some filter going on behind the server which not allow me access the internal metadata but i bypass the waf to access the internal AWS metadata.
