LeakIX - Host hilfe.mbgft.de

Domain hilfe.mbgft.de

Germany

netcup GmbH

Software information

nginx nginx 1.22.1

tcp/443 tcp/80 tcp/8443

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.

IP: 202.61.238.22
Domain: hilfe.mbgft.de
Port: 443
URL: https://hilfe.mbgft.de

First seen 2022-08-13 06:36
Last seen 2023-09-22 21:50
Open for 405 days

Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba91884022910647a9d3496ec

[init]
	defaultBranch = none
[fetch]
	recurseSubmodules = false
[http "https://git.mbgft.de"]
	sslCAInfo = /var/www/hilfe.tmp/CI_SERVER_TLS_CA_FILE
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:64_JGWmZpYYfqthDAxyvmPB@git.mbgft.de/web/HilfeSeite.git
	fetch = +refs/heads/*:refs/remotes/origin/*

Found on 2023-08-10 05:42

390 Bytes

Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652214f8e170

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:yNuBddy2YXtHHqLXetHV@git.mbgft.de/web/HilfeSeite.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "main"]
	remote = origin
	merge = refs/heads/main

Found on 2023-02-09 17:39

297 Bytes

Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652219f8087d

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = http://web_deploy:ynXy7usVQKaA_a2yJS7T@git.mbgft.de/web/HilfeSeite.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "main"]
	remote = origin
	merge = refs/heads/main

Found on 2022-08-13 06:36

291 Bytes

Create report

Open service 2a03:4000:1a:59:986e:ceff:fe4f:18c1:443 · hilfe.mbgft.de

2025-12-19 20:18

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 19 Dec 2025 20:18:56 GMT
Content-Type: text/html
Content-Length: 3222
Connection: close
Last-Modified: Fri, 20 Jun 2025 08:51:06 GMT
ETag: "685520fa-c96"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Page title: MBG Hilfeseite

<!DOCTYPE html>

<html lang="de">
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- #BeginEditable "doctitle" -->
    <title>MBG Hilfeseite</title>
    <!-- #EndEditable -->
    <link rel="stylesheet" href="/css/styles.css" type="text/css" />
  </head>

  <body>
    <header>
      <a class="title" href="/index.html">
        <p class="title">MBG-FT</p>
        <hr />
        <p class="title">Hilfeseiten</p>
      </a>
      <input class="burger-check" id="burger-check" type="checkbox" />
      <label for="burger-check" class="burger"></label>
      <nav>
        <ul>
          <li class="nav__generic active">
            <a class="nav__generic" href="/index.html">
              <img src="/images/icon-home.svg" alt="Startseite Logo" />
              <span class="nav__generic">Startseite</span>
            </a>
          </li>
          <li class="nav__generic">
            <a href="/aufnahmen/index.html" class="nav__generic">
              <img src="/images/icon-music.svg" alt="Aufnahmen Logo" />
              <span class="nav__generic">Aufnahmen</span>
            </a>
          </li>
          <li class="nav__element">
            <a class="nav__element" href="/element/index.html">
              <img src="/images/icon-element.svg" alt="Element Logo" />
              <span class="nav__element">Element</span>
            </a>
          </li>
          <li class="nav__nextcloud">
            <a class="nav__nextcloud" href="/nextcloud/index.html">
              <img src="/images/icon-nextcloud.svg" alt="Nextcloud Logo" />
              <span class="nav__nextcloud">Nextcloud</span>
            </a>
          </li>
          <li class="nav__jitsi">
            <a class="nav__jitsi" href="/jitsi/index.html">
              <img src="/images/icon-jitsi.svg" alt="Jitsi Logo" />
              <span class="nav__jitsi">Jitsi</span>
            </a>
          </li>
          <li class="nav__generic">
            <a class="nav__generic" href="/intern/ldappasswort.php">
              <img
                src="/images/icon-applications.svg"
                alt="Hilfsprogramme Logo"
              />
              <span class="nav-text-generic">Passwort ändern</span>
            </a>
          </li>
          <li class="nav__generic">
            <a class="nav__generic" href="/contact.html">
              <img src="/images/icon-contact.svg" alt="Kontakt Logo" />
              <span class="nav-text-generic">Kontakt</span>
            </a>
          </li>
        </ul>
      </nav>
    </header>
    <main>
      <h1>Willkommen</h1>
      <div class="text-centered">
        <p>Willkommen auf unseren Hilfeseiten.</p>
        <p>Bitte im Menü den gewünschten Punkt auswählen.</p>
      </div>
      <div id="copyright">
        © <span id="copyright-year">2022</span>,
        <a href="https://mbg-frankenthal.de/impressum/"
          >Mennoniten-Brüdergemeinde Frankenthal e.V.</a
        >
        <script>
          document.getElementById("copyright-year").innerText =
            new Date().getFullYear();
        </script>
      </div>
    </main>
  </body>
</html>