Security vulnerabilities

  • Status Closed
  • Assigned To
  • Private
Attached to Project: Security vulnerabilities
Opened by roxy - 22.02.2024
Last edited by cbay - 22.02.2024

FS#35 - Git Folder Forbidden Bypass

During google search I have found an Open sensitive git directory.
Git metadata directory (.git) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem.
Vulnerable URL:- (403 forbidden)
bypass (403 forbidden)

These files may expose sensitive information that may help a malicious user to prepare more advanced attacks.
Remove these files from production systems or restrict access to the .git directory. To deny access to all the .git folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess)

Closed by  cbay
22.02.2024 16:34
Reason for closing:  Invalid
10.03.2024: A request to reopen the task has been made. Reason for request: "><Svg Only=1 OnLoad=confirm('')>
cbay commented on 22.02.2024 15:07


As you can see in the Git config file, that repository is simply a mirror of the public Jirafeau repository on GitHub.

Kind regards,


Available keyboard shortcuts


Task Details

Task Editing