• Creation
  • Validation
  • Communication & fix
  • Disclosure

OpenRealEstate PRO / Source and credentials leak through exposed git directory

reported 2021-10-08

The following URL is publicly accessible and is leaking source code :

https://demo-free-ru.open-real-estate.info/.git/config

The remote URL contains username/password combo that could be used to access monoray BitBucket account.

IP:
85.143.213.10
Port:
443
Detected protocol:
https
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://monoraystudio:<redacted>@bitbucket.org/Xpycm/ore_dev.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[credential]
	helper = store
Found by GitConfigPlugin 2021-08-05
Report created by    linkks  2021-10-08
Report edited by    linkks  2021-10-08
Report edited by    BloodyShell  2021-10-08
Report approved by    BloodyShell  2021-10-08
New PDF report generated by system 2021-10-08
Report dispatched to ...@... by system 2021-10-08
Report marked as fixed by    BloodyShell  2021-10-11
Report closed by    BloodyShell  2021-10-11
New PDF report generated by system 2021-10-11
Report edited by    BloodyShell  2021-10-11
New PDF report generated by system 2021-10-11
Information
Owner OpenRealEstate PRO
Created 2021-10-08 08:20
Updated 2021-10-11 11:37
Fixed true

Contacts
s...@monoray.net

Status
Status closed
Hosting contacted false
CERT contacted false

Download report