Sorcery Blog

Tag: source code exposure

Exposed .git Folder and How To Remediate it

Discovery

Usually we find this when a directory brute-force returns positive results from the following URLs:

Many times the .git/ directory itself may return 403 (because directory listing is disabled), but the files within it are still downloadable. Many of the git files sit at known paths, and the rest can be worked out from the known files, so the exposure is still exploitable as long as the files are downloadable.