Esse Esse Erre Effe
Esse Esse Erre Effe stands for the Portuguese pronunciation of SSRF. It's a simple SSRF that uses a redirect to bypass filters and extract metadata from the cloud infrastructure.
The application lets the user submit a URL to a website and returns the response inside a JSON object.
If we try to access the API IP directly, the app refuses to retrieve the data.
We can try to retrieve the data by making the server send a request to us and then redirecting it to the cloud API via an HTTP Location header.
One could simply serve the following PHP code:
And point the SSRF request to the controlled server to retrieve the metadata.
And the flag is retrieved among the metadata :0
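Why the filter fails and what fixes it, as an added example that is not the challenge's code: the destination check runs only on the URL the user submits, so a redirect to the metadata address is never inspected. The host `redirector.example`, the deny list, the simulated DNS and HTTP tables, and the use of `169.254.169.254` as the metadata address are all assumptions made for this sketch.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed stand-ins for DNS and HTTP so the example runs offline.
DNS = {"redirector.example": "203.0.113.10"}
WEB = {  # url -> (status, Location header, body)
    "http://redirector.example/": (302, "http://169.254.169.254/", ""),
    "http://169.254.169.254/": (200, None, "constructed-metadata"),
}
# Illustrative deny list: loopback, RFC 1918 and link-local (metadata) ranges.
DENY = [ipaddress.ip_network(n) for n in
        ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

class Blocked(Exception):
    pass

def check_destination(url):
    """Raise Blocked unless the URL is http(s) and resolves outside DENY."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise Blocked(f"unsupported URL: {url}")
    try:
        addr = ipaddress.ip_address(DNS.get(parts.hostname, parts.hostname))
    except ValueError:
        raise Blocked(f"cannot resolve {parts.hostname}")
    if any(addr in net for net in DENY):
        raise Blocked(f"{url} resolves to denied address {addr}")

def fetch(url, recheck_redirects, max_hops=3):
    """Fetch url, following redirects; optionally validate every hop."""
    check_destination(url)                      # the filter the challenge app has
    for _ in range(max_hops + 1):
        status, location, body = WEB[url]
        if status not in (301, 302, 303, 307, 308):
            return body
        url = urljoin(url, location)            # Location may be relative
        if recheck_redirects:
            check_destination(url)              # the check the app is missing
    raise Blocked("too many redirects")

def demo():
    start = "http://redirector.example/"
    weak = fetch(start, recheck_redirects=False)
    try:
        hardened = fetch(start, recheck_redirects=True)
    except Blocked as exc:
        hardened = f"blocked: {exc}"
    return weak, hardened

if __name__ == "__main__":
    print(demo())
```

In a real client the connection should also be made to the exact IP that was validated, otherwise a second DNS lookup can return a different address than the one checked.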