“.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apple's “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
.DS_Store files may inadvertently leak filenames, such as those of database backups or private administration panels.
Severity: medium
Fingerprint: 5f32cf5d6962f09c20f30ab920f30ab998f19c275187deb928d6a1effb2a4e99
Found 67 files through .DS_Store spidering:
/assets
/assets/css
/assets/img
/assets/img/3rd.jpg
/assets/img/about-bg.png
/assets/img/about.jpg
/assets/img/apple-touch-icon.png
/assets/img/blog
/assets/img/clients
/assets/img/clients/asa.png
/assets/img/clients/client-1.jpg
/assets/img/clients/client-2.png
/assets/img/clients/client-2.psng.png
/assets/img/clients/client-3.jpg
/assets/img/clients/client-4.jpeg
/assets/img/clients/client-5.png
/assets/img/clients/client-6.png
/assets/img/clients/client-7.png
/assets/img/clients/client-8.png
/assets/img/clients/s.png
/assets/img/clients/sas.png
/assets/img/cta.jpg
/assets/img/dashboard.jpeg
/assets/img/faq.jpg
/assets/img/favicon.png
/assets/img/features-1.svg
/assets/img/features-2.svg
/assets/img/features-3.svg
/assets/img/features-4.svg
/assets/img/features-5.svg
/assets/img/features-6.svg
/assets/img/hero-bg.png
/assets/img/hero-carousel
/assets/img/hero-fullscreen-bg.jpg
/assets/img/oiltruck.jpg
/assets/img/oiltruck2.jpg
/assets/img/onfocus-content-bg.jpg
/assets/img/onfocus-video-bg.jpg
/assets/img/phone.jpg
/assets/img/portfolio
/assets/img/pricing-bg.jpg
/assets/img/services-1.jpg
/assets/img/services-2.jpg
/assets/img/services-3.jpg
/assets/img/services-4.jpg
/assets/img/services-5.jpg
/assets/img/services-6.jpg
/assets/img/team
/assets/img/testimonials
/assets/img/testimonials-bg.jpg
/assets/img/truck.png
/assets/img/white_icon2.jpg
/assets/js
/assets/scss
/assets/vendor
/blog-details.html
/blog.html
/changelog.txt
/forms
/index-2.html
/index-3.html
/index-4.html
/index.html
/inner-page.html
/portfolio-details.html
/README.md
/Readme.txt
The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.
Additionally, the Git credentials are present and could give unauthorized access to the source code repositories of private projects.
Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522b8d99dbf
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://ebad-ali:1c1a7d0a242379dd3b17bf96254395ca69314141@github.com/Fast-Forward-Fuel/fff-website.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "main"]
	remote = origin
	merge = refs/heads/main