操作步驟
步驟圖解
不是我愛寫,是因為腦袋的RAM不夠大,不寫下來馬上就忘了....
High | Cloud Metadata Potentially Exposed |
Description | The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure. |
All of these providers provide metadata via an internal unroutable IP address '169.254.169.254' - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field. | |
URL | https://xxx.com.tw/latest/meta-data/ |
Method | GET |
Parameter | |
Attack | 169.254.169.254 |
Evidence | |
Instances | 1 |
Solution | Do not trust any user data in NGINX configs. In this case it is probably the use of the $host variable which is set from the 'Host' header and can be controlled by an attacker. |
Reference | https://www.nginx.com/blog/trust-no-one-perils-of-trusting-user-input/ |
CWE Id | |
WASC Id | |
Plugin Id | 90034 |