Server Side Request Forgery Via DNS Rebinding in appsmithorg/appsmith
Oct 13th 2022
Appsmith below v1.8.1 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via DNS Rebinding technique to hit AWS internal metadata endpoint and for retrieving data.
Proof of Concept
Extract Cloud metadata's like AWS,GCP,Digitalocean etc. and hit internal resources and read access internally hosted web services.