Web source code leaks:

  • Git source code leak
  • SVN source Code Leakage
  • Hg source code leakage
  • CVS leaked
  • Bazaar /.bzr leak
  • Site backup compressed files
  • WEB-INF/web.xmlLet the cat out of the
  • The DS_Store file is leaked
  • SWP files are leaked
  • GitHub source code leak

1. Git source code leakage

Git is an open source distributed version control system. When you initialize a directory with Git init, a. Git directory is automatically created in the current directory to record code changes. If you release code without removing the.git directory, you release it directly to the server so that an attacker can recover the source code. Exploit tool: GitHack Github project address: github.com/lijiejie/Gi… Usage Examples:

GitHack.py http://www.openssl.org/.git/
Copy the code

Fix suggestion: Delete the. Git directory or modify the middleware configuration to access the. Git hidden folder.

2. SVN source code is leaked

SVN is an open source version control system. When you use SVN to manage local code, a hidden folder named.svn is automatically generated, which contains important source code information. The webmaster does not use the “export” function when publishing code, but copies the code folder directly to the WEB server, which exposes the. SVN hidden folder to the external environment and allows the. SVN /entries file to obtain the server source code.

Vulnerability exploitation tool: Seay SVN vulnerability exploitation tool



Repair Suggestion: Delete all. SVN hidden folders in the web directory. When using the SVN, developers strictly use the export function and do not copy code directly.

3. Hg source code leakage

Mercurial is a lightweight distributed version control system that generates.hg when using HG Init. Exploit tool: DVCs-ripper Github project address: github.com/kost/dvcs-r… Usage Examples:

rip-hg.pl -v -u http://www.example.com/.hg/
Copy the code

4. CVS leaks

CVS is a C/S system in which multiple developers record file versions through a central version control system to ensure file synchronization. This is mainly for CVS/Root and CVS/Entries directories, where you can see the leaked information directly.

http://url/CVS/Root returns the root information http://url/CVS/Entries returns the structure of all filesCopy the code

Exploit tool: DVCs-ripper Github project address: github.com/kost/dvcs-r… Run example:

rip-cvs.pl -v -u http://www.example.com/CVS/
Copy the code

5. Bazaar/ BZR leak

BZR is also a version control tool, although it is not very popular, but it also supports multiple platforms and has a nice graphical interface. Run example:

rip-bzr.pl -v -u http://www.example.com/.bzr/
Copy the code

6, website backup compressed files

The administrator backs up the source code of the website in the Web directory. The attacker downloads the backup file by guessing the file path, causing source code leakage. Common backup file suffixes:

  • .rar
  • .zip
  • .7z
  • .tar.gz
  • .bak
  • .txt
  • .old
  • .temp

Exploit tool: imperial sword



7,WEB-INF/web.xmlLet the cat out of the

Web-inf is the secure directory of Java WEB applications. If you want to access the files in the directory directly, you must map the files to the WEB. XML file. Web-inf contains the following files or directories:

Web-inf /web. XML: WEB application configuration file that describes the configuration and naming of servlets and other application components. Web-inf /database.properties: database configuration file web-INF /classes/ : Used to store Java class files (.class) web-INF /lib/ : Web-inf/SRC / : for storing source code (.asp,.php, etc.)Copy the code

By finding the web. XML file, infer the path of the class file, and finally direct the class file, and then decompile the class file, get the source of the website.

8, DS_Store file leak

DS_Store is the Mac Finder’s data file that holds how to display files/folders, one for each folder. If you upload.DS_Store to the server for deployment, file directory structure may be leaked, especially backup files and source files. Exploit tool: Github project address: github.com/lijiejie/ds… Usage Examples:

ds_store_exp.py http://hd.zj.qq.com/themes/galaxyw/.DS_Store
Copy the code

9. SWP file leakage

SWP is a temporary file generated during file editing. It is a hidden file. If the program exits normally, the temporary file will be deleted automatically. Exploit: directly access. SWP file, download back to delete the end of the. SWP, obtain the source file.

GitHub source code leak

GitHub is a hosting platform for open source and proprietary software projects. Many people like to upload their own code to the platform hosting, by keyword search, can find sensitive information about the target site, or even download the source of the site. There are many similar code hosting platforms, but talent is the biggest vulnerability.

https://github.com/[email protected]&type=code
Copy the code

IO/ctF-wiki /we… Evilpan.com/2017/09/22/…