git-exposure: Git Metadata Directory Exposure

漏洞描述

PoC代码[已公开]

id: git-exposure

info:
  name: Git Metadata Directory Exposure
  author: tess
  severity: medium
  description: Git Metadata Directory exposed.
  metadata:
    verified: true
    max-request: 1
  tags: logs,git,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/.git/"

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "403 Forbidden"
          - "You do not have permission to access /.git/"
        condition: and

      - type: status
        status:
          - 403
# digest: 4b0a00483046022100c7da8eef9748f7d32f083ee532db64b41ad65d1a8cb51774a87a972162263954022100ee5a31d6a40def1b3e6923d758105101f8c81e0b425003649d1be2bed52e3c06:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• 西部数码 NAS sendLogToSupport.php 远程代码执行漏洞
• gitlab-api-user-enum: GitLab - User Information Disclosure Via Open API
• western-digital-mycloud-multi-uploadify-file-upload: Western Digital MyCloud Multi Uploadify File Upload
• POC CVE-2024-45409: GitLab - SAML Authentication Bypass
• POC CVE-2024-9487: GitHub Enterprise - SAML Authentication Bypass
• POC CVE-2025-25291: GitLab - SAML Authentication Bypass
• POC CVE-2010-2307: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
• POC CVE-2016-10108: Western Digital MyCloud NAS - Command Injection
• POC CVE-2018-1000533: GitList < 0.6.0 Remote Code Execution
• POC CVE-2018-1000600: Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
• POC CVE-2018-14912: cgit < 1.2.1 - Directory Traversal
• POC CVE-2018-17153: Western Digital MyCloud NAS - Authentication Bypass
• POC CVE-2019-6793: GitLab Enterprise Edition - Server-Side Request Forgery