Researcher Finds 390,000 Websites with Exposed Source Code

by Developer.com Staff

Some Web developers are making it too easy to access their Git repositories.

Security researcher Vladimír Smitka said he found 390,000 Internet domains with a .git folder in a publicly accessible part of the site. That could lead to problems if the folder includes sensitive information. "Sometimes you can get very sensitive data such as database passwords, API keys, development IDE settings, and so on," Smitka said. "This data shouldn't be stored in the repository, but... I have found many, many developers that do not follow these best practices."

Smitka has notified the developers involved. "After sending the emails, I exchanged about 300 additional messages with affected parties to clarify the issue," Smitka reported. "I have received almost 2,000 thank-you emails, 30 false positives, two scammer/spammer accusations, and one threat to call the Canadian police."

This article was originally published on Tuesday Sep 4th 2018