51 lines
1.1 KiB
YAML
51 lines
1.1 KiB
YAML
id: xpl-git-config
|
|
info:
|
|
name: ".git Directory Exposure"
|
|
author: imtaqin
|
|
severity: high
|
|
description: |
|
|
Exposed .git/config or .git/HEAD — the entire git repository
|
|
(with history + potentially secrets) can be dumped.
|
|
tags:
|
|
- exposure
|
|
- git
|
|
reference:
|
|
- https://github.com/internetwache/GitTools
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/.git/config"
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status: [200]
|
|
# exact signature of a git config file
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "[core]"
|
|
- "repositoryformatversion"
|
|
condition: and
|
|
- type: regex
|
|
part: header
|
|
regex:
|
|
- "(?i)content-type:\\s*text/html"
|
|
negative: true
|
|
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/.git/HEAD"
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status: [200]
|
|
# HEAD file is short + starts with "ref:" or is a 40-char hex hash
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "^(ref: refs/heads/|[a-f0-9]{40})"
|
|
- type: dsl
|
|
dsl:
|
|
- "size < 200"
|