SSRF and the cloud-metadata endpoint: the attack that breached Capital One
Traces how server-side request forgery reaches the EC2 metadata endpoint at 169.254.169.254, how that exact chain exposed 106 million Capital One records in 2019, and how IMDSv2's session-token design closes the door.