Nowadays, most Professional Developers uses a Version Control Tool and now considered as a part of the Software Development.
Version Control is a system that records changes to a file or set of files over time so that they can recall specific versions later.
Some developers also includes Git Repository in their staging environment. However, they sometimes neglect removing the Git Repository after uploading the website to the internet or restricting unauthenticated users from accessing it.
By using Google Dork which filters results from Google, it allows other user to identify websites with publicly visible and accessible Git Repository. Like the screenshot of the website with a publicly visible Git Repository below.
Visible and Accessible Git Repository
After locating a target, I started downloading the files in the Git Repository using wget.
wget lets you download files from the internet or even mirror entire websites for offline viewing.
Retrieving the Git Repository
Then, I went to objects folder and randomly chose a folder and checked it.
Objects in the Git Repository
I chose folder 64 and found 2 files inside.
Then I have to concatenate 64(Folder) and 5f8669cf5704ae8d96c938c49d4b26b7466f9e(File) to get the Hash.
Hash = _64_5f8669cf5704ae8d96c938c49d4b26b7466f9e
Then, I used git cat-file command to show the contents of the hashed file.
git cat-file provides content or type and size information for repository objects
Content of the Hashed File
I found lot of files, directories, and 2 SQL Files(2 Databases). Without further ado, I immediately downloaded an SQL File.
Successfully downloaded the database.
But there’s a problem. The database is so huge and I can’t open it using XAMPP. So, I decided to use my premium hosting on GoDaddy to view the database.
342 Tables but no data inside.
As I mentioned above, you may remove the Git Repository or restrict unauthenticated user from accessing it. Below is one way to deny user’s requests to access the Git Repository.
<Directory ~ “\.git”>Order deny,allowDeny from all</Directory>
That is all folks! I hope you learned something with this blog post.
Note: This bug has already been reported.
Update: Resolved!