Exploit SSRF to gain AWS Credentials

Exploit SSRF to gain AWS Credentials

In the cloud, it’s common to implement decoupled components that integrate and process client data transparently. Without adequate security controls at each component; multiple vulnerabilities will provide an attack path for threats to exploit. One common path includes vulnerable applications running on AWS EC2 with default instance metadata services (IMDS) configurations and server side request forgeries (SSRF). Let’s…