- Creation
- Validation
- Communication & fix
- Disclosure
OpenRealEstate PRO / Source and credentials leak through exposed git directory
Deleted user
reported 2021-10-08
The following URL is publicly accessible and is leaking source code :
https://demo-free-ru.open-real-estate.info/.git/config
The remote URL contains username/password combo that could be used to access monoray BitBucket account.
IP:
85.143.213.10Port:
443Detected protocol:
httpsVulnerable URL:
https://demo-free-ru.open-real-estate.info/.git/config[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = https://monoraystudio:<redacted>@bitbucket.org/Xpycm/ore_dev.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
[credential]
helper = store
Found by GitConfigPlugin 2021-08-05
Report created by
deleted-user
2021-10-08
deleted-user
2021-10-08
Report edited by
deleted-user
2021-10-08
deleted-user
2021-10-08
Report edited by
BloodyShell
2021-10-08
BloodyShell
2021-10-08
Report approved by
BloodyShell
2021-10-08
BloodyShell
2021-10-08
New PDF report generated by system 2021-10-08
Report dispatched to ...@... by system 2021-10-08
Report marked as fixed by
BloodyShell
2021-10-11
BloodyShell
2021-10-11
Report closed by
BloodyShell
2021-10-11
BloodyShell
2021-10-11
New PDF report generated by system 2021-10-11
Report edited by
BloodyShell
2021-10-11
BloodyShell
2021-10-11
New PDF report generated by system 2021-10-11
Information
Owner
OpenRealEstate PRO
Created
2021-10-08 08:20
Updated
2021-10-11 11:37
Fixed
true
Contacts
s...@monoray.net
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report