Lab Resources:

What is on this virtual machine?

What is SSRF?

Testing the Website:

Lab Objective:

Test 1: Is it vulnerable at all?

Test 2: AWS infrastructure information leak via the meta-data endpoint that AWS exposes to its instances.

In the ‘comment’ field type:

<iframe
  src="http://169.254.169.254/latest/meta-data/"
  width="600"
  height="400">
</iframe>

Note: This will hang and produce no output! (This is not an AWS server.)