Git Exposure: How a Simple Oversight Led to a Critical Security Flaw

In my recent exploration of web applications, I came across a significant security issue that I believe deserves attention. This discovery involved a popular application responsible for managing various user services. While I can't divulge the application's name or specific details, I want to share the insights gained from this experience and detail the steps taken to detect and report this vulnerability.

The Initial Discovery

The journey began when I discovered that the application's .git directory was exposed.

The .git directory is a crucial part of any Git version-controlled project, containing key information about the repository's history, branches, and possibly sensitive configuration files.

Using a well-known open-source tool called Git Dumper, I confirmed the exposure and downloaded the application's complete source code to my local environment.

What I Uncovered

After inspecting the downloaded files, I discovered a concerning amount of sensitive information. Notably, I found hardcoded credentials in the docker-compose.yml file, including passwords for various services used by the application. Storing credentials in this way presents a significant security risk.

Furthermore, a deployment file deployment_production_k8.yml contained sensitive data, including employee usernames and passwords for Shiprocket and SIMPL Payment Gateway.

With these credentials, access to Shiprocket's API was possible, granting control over various aspects of the application. Specifically, I used the Shiprocket credentials to generate an authentication token via their API.

With the gained access, I could:

  • Expose customer PII

  • Cancel or modify customer orders

  • Access financial information

Mitigation and Recommendations

After identifying the vulnerability, I quickly reported it to the company and suggested actions like restricting access to the .git directory and securely managing credentials using AWS Secrets Manager or GitHub Secrets.
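The hardcoded credentials described above lived in a docker-compose.yml and a Kubernetes deployment manifest. The following is an added example, not the author's code or tooling: a small pre-commit style scanner that flags sensitive keys assigned literal values in either file style, while accepting `${VAR}` references, empty placeholders and Kubernetes `secretKeyRef` lookups. The two YAML samples are constructed; the key names and values in them are illustrative, not from the affected application.

```python
import re

# Constructed samples mirroring the two file types named in the write-up.
SAMPLE_COMPOSE = """\
services:
  api:
    environment:
      DB_PASSWORD: "Sup3rSecret!"                 # literal: flagged
      SHIPROCKET_PASSWORD: ${SHIPROCKET_PASSWORD} # env reference: ok
      PAYMENT_API_KEY: ""                         # empty placeholder: ok
"""
SAMPLE_K8S = """\
containers:
  - name: web
    env:
      - name: SIMPL_PASSWORD
        value: hunter2                           # literal: flagged
      - name: SHIPROCKET_TOKEN
        valueFrom:
          secretKeyRef:
            name: shiprocket
            key: token
"""

SENSITIVE_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)
REFERENCE_VALUE = re.compile(r"^\$\{?[A-Za-z_]\w*\}?$")      # ${VAR} or $VAR
KV_LINE = re.compile(r"^\s*-?\s*([A-Za-z0-9_.-]+)\s*[:=]\s*(.*?)\s*$")

def find_hardcoded_secrets(text):
    """Return (line_no, key) for each sensitive key assigned a literal value;
    handles compose-style KEY: value and k8s-style - name: KEY / value: v."""
    findings, pending_name = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        m = KV_LINE.match(raw.split("#", 1)[0])        # drop trailing comments
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("'\"")
        if key == "name":                              # k8s env entry: remember it
            pending_name = value
            continue
        if key == "value" and pending_name:
            key, pending_name = pending_name, None
        if not SENSITIVE_KEY.search(key):
            continue
        if value == "" or REFERENCE_VALUE.match(value):
            continue                                   # placeholder or runtime ref
        findings.append((n, key))
    return findings
```

Running it over a repository's compose and manifest files before each commit catches exactly the pattern that turned an exposed `.git` directory into live third-party API access.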

Conclusion

This experience is a strong reminder of how important it is to secure application source code and data. Even small mistakes like an exposed .git directory can cause serious security issues if not fixed.

As a token of appreciation for uncovering and reporting this critical issue, I was rewarded $200 by the company, which shows how important it is to report problems responsibly and work together to improve cybersecurity.

Author: Lohith Gowda M