How I found 30+ Websites Source Code Disclosure via Exposed .git Folder using Google Dorks


A “Google Dork” is a search query that uses advanced operators to find specific information on the internet. One type of information that can be found using Google Dorks is exposed source code on websites. This can happen when a website’s “.git” folder, which is used to store version control information for the website’s source code, is not properly secured.

If the “.git” folder is publicly accessible, it can be indexed by search engines like Google. An attacker can then use Google Dorks to find the exposed “.git” folder, and then use that information to access the website’s source code.

An example of a Google Dork that could be used to find an exposed “.git” folder is:

site:example.com inurl:.git

This search query will return all pages on the “example.com” domain that contain the string “.git” in the URL. If any of those pages are the website’s “.git” folder, the attacker will be able to access the website’s source code.

It’s crucial for web developers to make sure that the “.git” folder is not publicly accessible in order to keep the website’s source code safe.


A website’s source code can be exposed if a “.git” folder, which is used to store version control information for the website’s code, is not properly protected. This can happen if a developer forgets to remove the “.git” folder when uploading the website’s files to a live server.

Website source code disclosure via an exposed .git folder can be prevented by taking the following steps:

  1. Remove the .git folder from the web server: The .git folder contains all the version control information for the website, including the source code. Removing this folder from the web server will prevent it from being accessed by unauthorized users.
  2. Use a .gitignore file: A .gitignore file can be used to exclude certain files and folders from being tracked by Git. This can be used to exclude the .git folder from being tracked, preventing it from being exposed on the web server.
  3. Use a web server configuration: Some web servers, such as Apache, have the ability to block access to certain files and folders. This can be used to block access to the .git folder, preventing it from being exposed.
  4. Use a security plugin: Some CMSs, such as WordPress, have security plugins that can be used to block access to certain files and folders. This can be used to block access to the .git folder, preventing it from being exposed.
  5. Use a CDN: A Content Delivery Network (CDN) can be used to serve the website’s content from a separate server, rather than the web server. This can be used to prevent the .git folder from being exposed, as the CDN will not have access to it.
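
The following script is an added example, not code from the original post, showing steps 1 and 3 in practice: it stages a site for deployment with every .git directory stripped out, drops an Apache rule that answers 404 for any /.git path, and verifies the staged tree before it is copied to the server. The directory names it creates are constructed sample data. One caveat worth knowing before relying on step 2: a .gitignore file controls what Git tracks and cannot exclude the .git directory itself from a file copy, which is why the exclusion here is done explicitly at deploy time.

```shell
#!/bin/sh
# Added example (not from the original post). Stages a checkout for deployment
# without its .git directory, writes an Apache rule that hides /.git, and
# verifies the result. All paths below are constructed for illustration.
set -eu

# Copy SRC to DST, skipping every directory named .git at any depth.
# tar's --exclude matches path components, so nested checkouts
# (for example a vendored library with its own .git) are skipped too.
deploy_without_git() {
    src="$1"; dst="$2"
    mkdir -p "$dst"
    tar -C "$src" --exclude='.git' -cf - . | tar -C "$dst" -xf -
}

# Write an Apache mod_alias rule returning 404 for /.git and anything below it.
# RedirectMatch is accepted both in .htaccess and in the main server config.
write_git_block_rule() {
    dst="$1"
    printf '%s\n' 'RedirectMatch 404 /\.git(/|$)' > "$dst/.htaccess"
}

# Return 0 when no .git directory or gitfile exists anywhere under DIR, 1 otherwise.
verify_no_git() {
    dir="$1"
    if [ -n "$(find "$dir" -name .git | head -n 1)" ]; then
        echo "FAIL: .git found under $dir" >&2
        return 1
    fi
    return 0
}

# Build a constructed sample checkout so the script runs offline:
# a top-level .git, a nested .git in a vendored library, and one web file.
make_sample_repo() {
    repo="$1"
    mkdir -p "$repo/.git/objects" "$repo/vendor/lib/.git" "$repo/public"
    echo 'ref: refs/heads/main' > "$repo/.git/HEAD"
    echo 'ref: refs/heads/main' > "$repo/vendor/lib/.git/HEAD"
    echo '<?php echo "hello"; ?>' > "$repo/public/index.php"
}

# End-to-end run: stage, add the block rule, and verify. Returns 0 on success.
demo() {
    work="$(mktemp -d)"
    make_sample_repo "$work/src"
    deploy_without_git "$work/src" "$work/deploy"
    write_git_block_rule "$work/deploy"
    [ -f "$work/deploy/public/index.php" ] || return 1
    [ -f "$work/deploy/vendor/lib/HEAD" ] && return 1
    grep -q 'RedirectMatch 404' "$work/deploy/.htaccess" || return 1
    verify_no_git "$work/deploy"
}

if demo; then
    echo "staged tree verified: no .git directories, 404 rule in place"
fi
```

Run verify_no_git against the document root of an existing server to check a deployment that was done by hand; the Apache rule is a second layer for the case where a .git directory is uploaded anyway, and it should be confirmed by requesting /.git/HEAD from your own site and expecting a 404.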

It is important to note that preventing website source code disclosure via an exposed .git folder should be considered part of a larger security strategy, and should be coupled with other security measures such as firewalls, intrusion detection systems, and regular security audits.
