Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The DigitalOcean Metadata Service Check is a module designed to detect misconfigurations in the DigitalOcean host. It specifically focuses on the DigitalOcean metadata service and checks for exposure through a misconfigured proxy. This module is critical in severity and can help identify potential vulnerabilities in the DigitalOcean infrastructure.
If a misconfigured proxy is detected, it could potentially expose sensitive information from the DigitalOcean metadata service. This could include details such as droplet IDs, which can be used by attackers to gain unauthorized access or perform further attacks on the host.
The DigitalOcean Metadata Service Check module sends an HTTP request to the target host, specifically to the /metadata/v1.json
endpoint. It checks the response body for the presence of the keyword "droplet_id". If this keyword is found, it indicates that the metadata service is exposed through a misconfigured proxy.
Here is an example of the HTTP request sent by the module:
GET http://<hostval>/metadata/v1.json HTTP/1.1
Host: <hostval>
The module uses the <hostval>
payload value, which can be either "aws.oast.online" or "169.254.169.254". This allows the module to test different hosts for potential misconfigurations.
If the matching condition is met and the keyword "droplet_id" is found in the response body, the module will report a vulnerability.