From SSRF to RCE — Extracting AWS Credentials and Achieving Remote Code Execution
Summary
During testing of an AWS-hosted application, I identified a Server-Side Request Forgery (SSRF) issue in a URL-based feature. The application attempted to fetch user-supplied URLs on the server
security11.hashnode.dev5 min read