Topcoder: SSRF at https://cognitive.topcoder.com leads to AWS instance metadata due to vulnerable email subscription feature

Summary: Topcoder makes use of Amazons AWS in their web application environment. I noticed a feature that allows a user to subscribe and receive emails from Topcoder. This feature is vulnerable to server side request forgery since it allows a user to supply an arbitrary URL which the application...

The AWS metadata service SSRF vulnerability analysis-vulnerability warning-the black bar safety net

One, Foreword Recently I was busy with a small project, to study how the Docker container executing untrusted Python code. According to the project requirements, I need to test more online code execution engine, research them on the various attacks of the reaction. In the research process, I foun...

Microsoft Azure Instance Metadata Enumeration (Windows)

Binary data enumeratemsazurevmwin.nbin...

Microsoft Azure Instance Metadata Enumeration (Unix)

Binary data enumeratemsazurevmnix.nbin...

Gather AWS EC2 Instance Metadata

This module will attempt to connect to the AWS EC2 instance metadata service and crawl and collect all metadata known about the session'd host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVE-2015-1426

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

CVE-2015-1426

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

Code injection

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

Puppet Labs Facter allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

openstack-nova: timing attack issue allows access to other instances' configuration information

A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...

Fedora 16 : cloud-init-0.6.3-0.5.bzr532.fc16 (2012-14189)

This update changes the URL that cloud-init uses as a fallback for instance metadata when http://169.254.169.254/ is not reachable from http://instance-data:8773/ to http://instance-data.:8773/ . It also fixes two systemd-related bugs. Note that the former will require DNS server reconfiguration ...

Fedora 18 : cloud-init-0.6.3-0.5.bzr532.fc18 (2012-13972)

This update changes the URL that cloud-init uses as a fallback for instance metadata when http://169.254.169.254/ is not reachable from http://instance-data:8773/ to http://instance-data.:8773/ . It also fixes two systemd-related bugs. Note that the former will require DNS server reconfiguration ...