There's an accessible git repository on [$URL(https://$URL). This issue allows an attacker to retrieve source code and git history.
Go to this urls:
- $URL/.git/logs/HEAD
- $URL/.git/config
##Comments_while_commiting_this: To can actually download the entire repo using git dumper.
This issue could potentially reveal sensitive information.
https://hackerone.com/reports/541349 https://hackerone.com/reports/970520