The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.
Severity: medium
Fingerprint: 2580fa947e78dd08e645819d5824ae6e78b8902bc39bee770168c7934bc1efb3
HTTP/1.1 200 OK
Date: Mon, 08 May 2023 14:27:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=g3css0nas4b74s0oisfjrmjfkv; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: JSPuzzles0=168355602177717; expires=Sat, 06-May-2028 14:27:01 GMT; Max-Age=157680000; path=/

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://github.com/hagai2003/jspuzzles-git.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "user-gallery-upgrade"]
	remote = origin
	merge = refs/heads/user-gallery-upgrade
[branch "aws-sep-2022"]
	remote = origin
	merge = refs/heads/aws-sep-2022
[branch "aws-back-to-hosting-emai-handling"]
	remote = origin
	merge = refs/heads/aws-back-to-hosting-emai-handling
“.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apple's “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
Severity: high
Fingerprint: 5f32cf5d6962f09c8c9af8b78c9af8b712656bb02a32e7dde897f86f5e5ba4fc
Found 128 files through .DS_Store spidering.
“.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apple's “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
Severity: high
Fingerprint: 5f32cf5d6962f09c8c9af8b78c9af8b712656bb02a32e7dde897f86fd739b8f8
Found 128 files through .DS_Store spidering.
The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522e1178b00
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://github.com/hagai2003/jspuzzles-git.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "user-gallery-upgrade"]
	remote = origin
	merge = refs/heads/user-gallery-upgrade
[branch "aws-sep-2022"]
	remote = origin
	merge = refs/heads/aws-sep-2022
[branch "aws-back-to-hosting-emai-handling"]
	remote = origin
	merge = refs/heads/aws-back-to-hosting-emai-handling
Open service 3.217.12.55:443
2024-04-25 00:38
HTTP/1.1 404 Not Found
Date: Thu, 25 Apr 2024 00:38:50 GMT
Content-Length: 0
Connection: close
X-Epic-Correlation-ID: efa647aa-9c56-4964-98c4-6a3aba82974b