Task Description
Hello support teams,
I hope this email finds you well. I am Devansh.I am a security researcher and I am writing to bring to your attention a security vulnerability that I have discovered on your website.
Report of bug is as follows:
Vulnerability name: .git file exposed
Website : https://security.alwaysdata.com/.git/config
Overview of the Vulnerability
The danger occurs when the application leaves the “. git” directory, which is in the system root, exposed. By carelessness, an application that uses Git for versioning can expose the “. git” directory.
Steps to Reproduce
1. open this website in the browser https://cdn.anscommerce.com/.git/config
2. you can see the git file is open
3 .by the dotgit extension you can download the git file
It can be exploited more but may cause harm to your website
Impact of the vulnerability
git folder is required to log every commit history and every other information required for your remote repository, version control, commits etc. These things are saved in different folders which have different meanings. Once the folder is created, open it and see the
References :
https://medium.com/stolabs/git-exposed-how-to-identify-and-exploit-62df3c165c37
https://www.acunetix.com/vulnerabilities/web/git-detected/
Please consider this as an urgent matter and prioritize the resolution of this vulnerability . if you require any additional information or assistance. Do let me know
Thank you for your attention to this matter, and I look forward to hearing from you soon.
Regards Devansh
|