漏洞描述
Git Mailmap file is exposed.
git-mailmap: Git Mailmap File Disclosure
PoC代码[已公开]
id: git-mailmap
info:
name: Git Mailmap File Disclosure
author: geeknik,DhiyaneshDK
severity: low
description: Git Mailmap file is exposed.
reference:
- https://man7.org/linux/man-pages/man5/gitmailmap.5.html
classification:
cpe: cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: git-scm
product: git
shodan-query: html:mailmap
tags: config,exposure,git,mailmap,files,vuln
http:
- method: GET
path:
- "{{BaseURL}}/.mailmap"
matchers-condition: and
matchers:
- type: regex
regex:
- "(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|\"(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21\\x23-\\x5b\\x5d-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])*\")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21-\\x5a\\x53-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])+)\\])"
- type: word
part: header
words:
- "application/octet-stream"
- type: word
part: body
words:
- "# Theresa O'Connor:"
negative: true
- type: status
status:
- 200
# digest: 490a00463044022036e113a61e882f2ecc5d3fcd45ec33575ea1137fcf0652329d29a7954e12612e0220169778d93211cbd7188f7eeb39013d07c3c56b38cb6d08be25515c61955db2d2:922c64590222798bb761d5b6d8e72950