alwaysdata All Projects: Tasklist

	ID	Status	Summary	Opened by
	35	Closed	~~Git Folder Forbidden Bypass~~	roxy	Task Description Hi, During google search I have found an Open sensitive git directory. Git metadata directory (.git) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem. Vulnerable URL:- https://upload.alwaysdata.com/.git/ (403 forbidden) bypass https://upload.alwaysdata.com/.git/config https://upload.alwaysdata.com/.git/logs/HEAD https://security.alwaysdata.com/.git/ (403 forbidden) bypass https://security.alwaysdata.com/.git/config https://security.alwaysdata.com/.git/logs/HEAD These files may expose sensitive information that may help a malicious user to prepare more advanced attacks. Remove these files from production systems or restrict access to the .git directory. To deny access to all the .git folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess) Thanks

Closed

~~Git Folder Forbidden Bypass~~

Task Description

Hi,
During google search I have found an Open sensitive git directory.
Git metadata directory (.git) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem.
Vulnerable URL:-
https://upload.alwaysdata.com/.git/ (403 forbidden)
bypass
https://upload.alwaysdata.com/.git/config https://upload.alwaysdata.com/.git/logs/HEAD

https://security.alwaysdata.com/.git/ (403 forbidden)
bypass
https://security.alwaysdata.com/.git/config https://security.alwaysdata.com/.git/logs/HEAD

These files may expose sensitive information that may help a malicious user to prepare more advanced attacks.
Remove these files from production systems or restrict access to the .git directory. To deny access to all the .git folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess)
Thanks

Showing tasks 1 - 1 of 1 Page 1 of 1

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task