qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Git-repository-found.json

68 lines
2.2 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Git repository found",
"Description": "Subversion metadata directory (.svn) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that popular version control tool Subversion creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem.",
"Product": "git",
"Homepage": "https://git-scm.com/",
"DisclosureDate": "2017-01-01",
"Author": "gobysec@gmail.com",
"FofaQuery": "protocol=web",
"GobyQuery": "protocol=web",
"Level": "3",
"Impact": "It allows malicious hackers to gather relevant information which can be used later in the attack lifecycle, in order to achieve more than they could if they didnt get access to such information.",
"Recommendation": "Remove these files from production systems or restrict access to the .idea directory. ",
"References": [
"https://www.acunetix.com/vulnerabilities/web/git-repository-found/",
"https://github.com/arthaud/git-dumper",
"https://github.com/lijiejie/GitHack"
],
"HasExp": false,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/.git/config",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "[core]",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": null,
"Tags": ["infoleak", "webvulscan"],
"CVEIDs": null,
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink