An attacker submits this URL-encoded parameter into a web form, API request, or webhook endpoint that takes a user-supplied URL and processes it on the back-end server.
AWS introduced IMDSv2 in late 2019 to address the inherent risks of IMDSv1. The old version (v1) was a simple, unauthenticated HTTP endpoint on 169.254.169.254. Any process on the instance—or any process that could trick the instance into making a request—could retrieve metadata.
The most common way to access this URL from outside the instance is through a vulnerability. For example:
With those credentials, an attacker can:
The metadata service returns the name of the IAM role.
169.254.169.254: A special internal address accessible only from within an EC2 instance.
/latest/meta-data/iam/security-credentials/: This directory lists the IAM roles attached to the server.
Do not rely on blacklisting specific phrases like 169.254.169.254. Attackers can easily bypass blacklists using decimal encoding (2852039166), hexadecimal encoding (0xa9fe09fe), or by abusing custom DNS entries that resolve to the link-local address. Instead, implement a strict whitelist of allowed domains or protocols for the callback parameter.

2. Enforce IMDSv2 Across All Instances
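The following is an added example of the allow-list check recommended for the callback parameter above; it is not code from the original page. It assumes a hypothetical allow-list (ALLOWED_HOSTS, ALLOWED_SCHEMES) and uses a constructed DNS table (FAKE_DNS) so it runs offline. It goes a little beyond the text: besides refusing the decimal and hex IP forms the page mentions, it unwraps IPv4-mapped IPv6 literals and re-checks every address an allowed name resolves to, which is what defeats the "custom DNS entry" bypass.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allow-list for the callback parameter: only these schemes and hosts
# are acceptable destinations. Everything else is rejected before any request is sent.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"hooks.example.com", "api.example.org"}

# 169.254.0.0/16 is the link-local range that contains the EC2 metadata endpoint.
METADATA_LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def parse_numeric_host(host):
    """Decode a host written as a bare IP literal: dotted quad, plain decimal
    (2852039166) or hex (0xa9fe09fe). Returns an ip_address object, or None when
    the host is a name rather than a number."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        value = int(host, 0)  # base 0 accepts decimal, 0x.. hex and 0o.. octal
    except ValueError:
        return None
    if 0 <= value <= 0xFFFFFFFF:
        return ipaddress.IPv4Address(value)
    return None


def is_internal(addr):
    """True for any address a callback must never reach: loopback, private,
    link-local (the metadata service), multicast, reserved and unspecified ranges.
    IPv4-mapped IPv6 forms such as ::ffff:169.254.169.254 are unwrapped first."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or (addr.version == 4 and addr in METADATA_LINK_LOCAL))


def default_resolver(host):
    """Resolve a hostname to all of its addresses via the system resolver."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def validate_callback_url(url, resolver=default_resolver):
    """Strict allow-list check. Returns (ok, reason, addresses). The caller should
    connect only to the returned addresses rather than re-resolving the name, so a
    DNS answer cannot change between this check and the actual request."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    host = host.lower().rstrip(".")
    if parse_numeric_host(host) is not None:
        # IP literals are never on the allow-list, whatever encoding was used.
        return False, "IP literals are not allowed", []
    if host not in ALLOWED_HOSTS:
        return False, "host not on allow-list", []
    try:
        addresses = resolver(host)
    except socket.gaierror:
        return False, "name resolution failed", []
    for raw in addresses:
        addr = ipaddress.ip_address(raw)
        if is_internal(addr):
            # Catches a DNS entry for an allowed name that points into link-local space.
            return False, f"{host} resolves to internal address {addr}", []
    return True, "ok", addresses


# Constructed DNS table so the demonstration runs offline. The public addresses are
# placeholders, not real records for these names; the second api.example.org record
# models a custom DNS entry that resolves to the metadata address.
FAKE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "api.example.org": ["93.184.216.35", "169.254.169.254"],
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(-2, "Name or service not known")
    return FAKE_DNS[host]


if __name__ == "__main__":
    samples = [
        "https://hooks.example.com/notify",
        "https://api.example.org/callback",
        "https://169.254.169.254/latest/meta-data/",
        "https://2852039166/latest/meta-data/",
        "https://0xa9fe09fe/latest/meta-data/",
        "https://[::ffff:169.254.169.254]/",
        "http://hooks.example.com/notify",
    ]
    for url in samples:
        ok, reason, _ = validate_callback_url(url, resolver=fake_resolver)
        print(f"{'ALLOW' if ok else 'DENY ':5} {url}  ({reason})")
```

Two design points worth noting. First, the check rejects any numeric host outright instead of trying to enumerate bad encodings, so the decimal and hex forms fall out for free; the hex value quoted on the page happens to decode to another 169.254.0.0/16 address, which the link-local test still catches. Second, the resolved addresses are returned to the caller on success: pinning the connection to those addresses (or routing callbacks through an egress proxy that applies the same policy) closes the window in which a rebinding DNS answer could redirect the request after validation.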