Closed dev0x41 closed 2 years ago
jeswinMathai
commented
2 years ago Thanks for pointing it out. Currently, the SSRF and other API-related attacks work once the web page is refreshed/reloaded.
We will release an update soon to patch the session issue.
jeswinMathai
commented
2 years ago The bug has been fixed with #12
stuartcompton
commented
10 months ago Hi @jeswinMathai.
I have installed the AWSGoat successfully and can login fine. I am working on the SSRF part 1, and tried to upload the payload file:///etc/passwd/. I get a 502 CORS Missing Allow Origin error everytime when trying to save to https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/v1/save-content?value=file:///etc/passwd/
Any ideas?
Many thanks
Seems the SSRF part 1 does not work as per the guide. The response is 'Invalid Authorization'. I think its expected this will be done using a self registered user, I don't see alternate credentials for this elsewhere or referred to in the guide. The error is the same trying to upload an image as in normal, non exploitation activity.