漏洞描述
如果泄露核心代码或敏感配置文件,该漏洞定为高危,否则是中危。
git-leak: Git 代码托管泄漏
PoC代码[已公开]
id: git-leak
info:
name: Git 代码托管泄漏
author: zan8in
severity: high
verified: true
description: 如果泄露核心代码或敏感配置文件,该漏洞定为高危,否则是中危。
tags: git,leak
created: 2023/07/20
rules:
r0:
request:
method: GET
path: /.git/
expression: response.status == 403 && response.body.bcontains(b'403 Forbidden') && response.body.bcontains(b'You do not have permission to access /.git/')
r1:
request:
method: GET
path: /.git/config
expression: response.status == 200 && response.body.bcontains(b'[core]') && response.body.bcontains(b'repositoryformatversion') && response.body.bcontains(b'[branch')
expression: r0() || r1()