Hello Guys..!!
Happy New Year 2023 to all my followers 🥳
Hope you are doing well
Google Dorks:
allintext:index filetype:git
Note: I have found an exposed .git with some sensitive source code on one of the Indian government websites and reported the same to NCIIPC India and received an Acknowledgement from them as shown below. (National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India created under Sec 70A of the Information Technology Act, 2000 (amended 2008), through a gazette notification on 16th Jan 2014. Based in New Delhi, India, it is designated as the National Nodal Agency in respect of Critical Information Infrastructure Protection.)
Impact: Any malicious user can download the exposed .git data to their local system using git dumper tools and retrieve all the recent commits recorded in the site's .git folder.
Please refer to the articles below for more details on how this process works and how attackers can obtain confidential data using this method.
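A defensive check to go with the impact described above, added here as an example that is not part of the original post: it scans web server access logs for requests to `/.git` paths and separates the ones the server actually answered with data (2xx) from the ones it blocked. The log format (common/combined log format), the function names and the sample log lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Common/combined log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Matches .git as a whole path segment anywhere in the URL (e.g. /app/.git/HEAD).
GIT_PATH_RE = re.compile(r'(^|/)\.git(/|$)', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Jan/2023:10:00:01 +0000] "GET /.git/HEAD HTTP/1.1" 200 23
203.0.113.7 - - [02/Jan/2023:10:00:02 +0000] "GET /.git/config HTTP/1.1" 200 312
203.0.113.7 - - [02/Jan/2023:10:00:03 +0000] "GET /.git/objects/ab/cdef HTTP/1.1" 200 1480
198.51.100.4 - - [02/Jan/2023:10:05:00 +0000] "GET /.git/HEAD HTTP/1.1" 403 153
198.51.100.9 - - [02/Jan/2023:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.9 - - [02/Jan/2023:10:06:05 +0000] "GET /docs/git-guide.html HTTP/1.1" 200 900
"""

def find_git_exposure(log_text):
    """Return {client: {"served": [paths], "blocked": [paths]}} for /.git requests."""
    hits = defaultdict(lambda: {"served": [], "blocked": []})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if not GIT_PATH_RE.search(path):
            continue
        # A 2xx status means the server returned repository data to the client.
        bucket = "served" if m.group("status").startswith("2") else "blocked"
        hits[m.group("client")][bucket].append(path)
    return dict(hits)

def exposed_clients(log_text):
    """Clients that received at least one 2xx response for a /.git path."""
    return sorted(c for c, h in find_git_exposure(log_text).items() if h["served"])

if __name__ == "__main__":
    for client, h in find_git_exposure(SAMPLE_LOG).items():
        print(client, "served:", h["served"], "blocked:", h["blocked"])
```

Any client listed by `exposed_clients` means the repository was readable over HTTP at that time, so the fix is to block `/.git` at the web server or keep the repository out of the document root, and to treat secrets in the commit history as disclosed.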
Thank you guys for Reading this Post — Happy Hunting 🐞
Resources: Google
Reference:
1) https://jacobriggs.io/blog/posts/source-code-disclosure-via-exposed-git-29.html
2) https://iosentrix.com/blog/git-source-code-disclosure-vulnerability/
Follow me: @0xKayala | Satya Prakash