: Many misconfigured reverse proxies or Web Application Firewalls (WAFs) will forward standard GET requests but block or strip out unusual PUT requests and headers, stopping external exploit attempts.
Once an attacker has command execution on a VM (via a vulnerability like Log4Shell), they run: curl-url-http-3A-2F-2F169.254.169.254-2Flatest-2Fapi-2Ftoken