Files - The attacker may be able to read files using file:// URIs The attacker may also use this functionality to import untrusted data into code that expects to only read data from trusted sources, and as such circumvent input validation.
36
36
37
+
Fun SSRF Payloads to try....
38
+
39
+
AWS
40
+
41
+
```
42
+
http://169.254.169.254/latest/user-data/
43
+
```
44
+
45
+
If iam is present then its party time you can get AWS keys.