Status: Closed
Assigned To: cbay - Private
Opened by cyberoy - 12.10.2024
Last edited by cbay - 24.10.2024
FS#84 - Title: Exposed .git Directory on https://security.alwaysdata.com
Description:
An exposed .git folder has been discovered on the website https://security.alwaysdata.com, which allows unauthorized access to sensitive files related to the site's source code repository. This could potentially lead to the leakage of sensitive information, such as configuration settings and code, which can facilitate further attacks.
URL:
https://security.alwaysdata.com/.git/config
Details:
By accessing the .git folder, the following sensitive files were found to be publicly accessible:
.git/config
.git/index
.git/packed-refs
.git/info/exclude
.git/logs/HEAD
And many more.
Example of Sensitive Information Exposed:
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = https://github.com/flyspray/flyspray.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
Using a tool such as GitDump, the entire .git directory was successfully dumped, providing full access to the contents of the repository. This may lead to further exploitation by attackers.
Exposed URLs:
https://security.alwaysdata.com/.git/index
https://security.alwaysdata.com/.git/packed-refs
https://security.alwaysdata.com/.git/info/exclude
https://security.alwaysdata.com/.git/logs/HEAD
Impact:
Unauthorized Access to Source Code: Attackers can gain access to the complete source code, potentially uncovering proprietary algorithms, logic, and confidential information that could be misused for malicious purposes, including code analysis or redistribution.
Sensitive Information Disclosure: The .git/config file and other repository metadata may contain sensitive information, such as database credentials, API keys, or other secrets, which could allow attackers to gain unauthorized access to critical components of the infrastructure.
Potential for Further Exploitation: With access to the source code and potentially sensitive configuration details, attackers may be able to exploit additional vulnerabilities or gain deeper access to the system.
Remediation:
Remove these files from production systems or restrict access to the .git directory. To deny access to all the .git folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess):
<Directory ~ ".git">
Order allow,deny
Deny from all
</Directory>
If further information is required, please let me know.
Thanks.
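For defenders who want to confirm whether a deployed site has been serving its .git directory, the following is an added example (not part of the report or of Flyspray) that scans Apache combined-format access logs for requests touching a .git directory and reports, per client, how many were answered with 2xx, i.e. actually served rather than blocked by a rule like the one above. The log lines are constructed samples.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Apache combined-log format (not taken from the tracker page).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2024:10:01:02 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.7 - - [12/Oct/2024:10:01:03 +0000] "GET /.git/index HTTP/1.1" 200 8120 "-" "python-requests/2.31"
203.0.113.7 - - [12/Oct/2024:10:01:04 +0000] "GET /%2Egit/logs/HEAD HTTP/1.1" 200 1500 "-" "python-requests/2.31"
198.51.100.4 - - [12/Oct/2024:10:02:00 +0000] "GET /index.php?do=details&task_id=84 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Oct/2024:10:03:00 +0000] "GET /.git/packed-refs HTTP/1.1" 403 199 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A path segment that is exactly ".git" (so ".gitignore" or "repo.git" do not count).
GIT_SEGMENT = re.compile(r'(^|/)\.git(/|$)')

def is_git_request(target):
    """True if the request path, after percent-decoding and dropping the query string,
    contains a .git directory segment."""
    path = unquote(urlsplit(target).path)
    return bool(GIT_SEGMENT.search(path))

def find_git_probes(log_text):
    """Return {ip: {"requests": n, "served": n}} for every client that requested .git paths.
    'served' counts 2xx responses, the cases where the repository was actually exposed."""
    findings = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_git_request(m["target"]):
            continue
        entry = findings.setdefault(m["ip"], {"requests": 0, "served": 0})
        entry["requests"] += 1
        if m["status"].startswith("2"):
            entry["served"] += 1
    return findings

if __name__ == "__main__":
    for ip, stats in find_git_probes(SAMPLE_LOG).items():
        print(f"{ip}: {stats['requests']} .git requests, {stats['served']} served with 2xx")
```

A non-zero "served" count means the Deny rule (or equivalent) was not in effect at that time and the repository contents should be treated as disclosed.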
Hello,
It's a public repository, so there's no security issue here.
Kind regards,
Cyril