How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access

Hi, everyone

My name is Santosh Kumar Sha, I’m a security researcher from India(Assam). In this article, I will be describing how I was able to to find 9 full SSRF vulnerability with AWS metadata access by doing some GITHUB recon.

I am now offering 1:1 sessions to share my knowledge and expertise:

topmate.io/santosh_kumar_sha

SPECIAL COVID-19 Note:

Don’t go outside without any reason . Stay home be safe and also safe other. Special request to my fellow bug-bounty hunter Take care of your health .

TOOLS used for the exploitation

1. Subfinder (https://github.com/projectdiscovery/subfinder)

2. httpx (https://github.com/projectdiscovery/httpx)

3. gau(Corben) — https://github.com/lc/gau

4. waybackurls(tomnomnom) — https://github.com/tomnomnom/waybackurls.

Story Behind the bug:

This is the write of my Recent bug that i found . While I was doing recon on GitHub. How i was able to find 9 ssrf vulnerability and I am not an expert in GitHub recon but like to find admin dashboard and path, endpoint on github. If you want to learn about GitHub recon follow @GodfatherOrwa and @th3g3nt3lman they are legend in github recon.

Here it goes: