点到为止之阔知网络git泄露(第二弹)

2015-12-20T00:00:00
ID SSV:96053
Type seebug
Reporter Root
Modified 2015-12-20T00:00:00

Description

简要描述:

据说杭州的厂商都不错,每次提交的漏洞都能收到小礼物。 上一次提交了你们没有礼物,这次该有了吧?

详细说明:

官网:http://www.topxia.com git文件泄露:

http://www.topxia.com/.git/config

如图:

<img src="https://images.seebug.org/upload/201512/20144408cadd0e1ddcac72840a71706063642b24.png" alt="2015-12-20_144356.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201512/20144514ec7f01af402d1a9f42402246b3d9341f.png" alt="2015-12-20_144502.png" width="600" onerror="javascript:errimg(this);">

漏洞证明:

[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = ssh://git@gitlab.howzhi.net:4411/topxia/topxia-site.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master