The .gitmodules file was exposed on the web server as part of an accessible .git directory. This exposure indicated a misconfiguration that could have allowed attackers to explore the .git directory further and potentially reconstruct or download the full source code repository.
PoC code [public]

```yaml
id: exposed-gitmodules

info:
  name: .gitmodules File Exposed
  author: pussycat0x
  severity: high
  description: |
    The .gitmodules file was exposed on the web server as part of an accessible .git directory. This exposure indicated a misconfiguration that could have allowed attackers to explore the .git directory further and potentially reconstruct or download the full source code repository.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/git-repository-found/
    - https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html
  tags: exposure,git,source-disclosure,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/.gitmodules"

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contain_all(body, '[submodule', 'path =', 'url =')"
        condition: and
```
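The matcher above flags a response only when the status is 200 and the body carries all three `.gitmodules` markers, which keeps soft-404 HTML pages from matching. The following Python is an added example (not part of the nuclei project or the template author's code) that reimplements that DSL check locally and parses the file so a defender reviewing a finding on their own host can see which submodule URLs the exposed file would reveal; the sample body is constructed, and the `example.invalid` hosts are placeholders.

```python
import re
from typing import Dict, List

# Constructed sample of a .gitmodules body (not captured from any real host).
SAMPLE_BODY = """[submodule "vendor/lib"]
\tpath = vendor/lib
\turl = https://example.invalid/org/lib.git
[submodule "tools"]
\tpath = tools
\turl = git@example.invalid:org/tools.git
"""

def contain_all(body: str, *needles: str) -> bool:
    """Local equivalent of the template's contain_all() DSL helper."""
    return all(n in body for n in needles)

def matches_template(status_code: int, body: str) -> bool:
    """Same conditions as the template: HTTP 200 AND all three markers present."""
    return status_code == 200 and contain_all(body, "[submodule", "path =", "url =")

def parse_gitmodules(body: str) -> List[Dict[str, str]]:
    """Parse [submodule "name"] sections into dicts of their key/value lines.
    Comments and blank lines are skipped; keys outside a section are ignored."""
    entries: List[Dict[str, str]] = []
    current = None
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.match(r'^\[submodule\s+"(.*)"\]$', line)
        if header:
            current = {"name": header.group(1)}
            entries.append(current)
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return entries

def assess(status_code: int, body: str) -> Dict[str, object]:
    """Apply the template's logic and, on a match, list the URLs that leaked."""
    exposed = matches_template(status_code, body)
    subs = parse_gitmodules(body) if exposed else []
    return {"exposed": exposed, "submodules": subs,
            "leaked_urls": [s.get("url", "") for s in subs]}
```

A leaked submodule URL pointing at an internal or credentialed repository raises the impact beyond the public repository itself, so the parsed list is what to triage first; the remediation is to deny access to `.git` and its contents at the web server, not just to this one file.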