AllAboutBugBounty/Exposed Source Code.md

1.3 KiB

Exposed Source Code

Introduction

Source code intended to be kept server-side can sometimes end up being disclosed to users. Such code may contain sensitive information such as database passwords and secret keys, which may help malicious users formulate attacks against the application.

How to Find

  1. Exposed Git folder
https://site.com/.git

GIT folder

  1. Exposed Subversion folder
https://site.com/.svn

SVN folder

  1. Exposed Mercurial folder
https://site.com/.hg

HG folder

  1. Exposed Bazaar folder
http://target.com/.bzr

BZR folder

  1. Exposed Darcs folder
http://target.com/_darcs
  1. Exposed Bitkeeper folder
http://target.com/Bitkeeper

Reference: