### 简要描述: 据说杭州的厂商都不错,每次提交的漏洞都能收到小礼物。 上一次提交了你们没有礼物,这次该有了吧? ### 详细说明: 官网:http://www.topxia.com git文件泄露: ``` http://www.topxia.com/.git/config ``` 如图: [<img src="https://images.seebug.org/upload/201512/20144408cadd0e1ddcac72840a71706063642b24.png" alt="2015-12-20_144356.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/20144408cadd0e1ddcac72840a71706063642b24.png) [<img src="https://images.seebug.org/upload/201512/20144514ec7f01af402d1a9f42402246b3d9341f.png" alt="2015-12-20_144502.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/20144514ec7f01af402d1a9f42402246b3d9341f.png) ### 漏洞证明: ``` [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = ssh://git@gitlab.howzhi.net:4411/topxia/topxia-site.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master ```
### 简要描述: 据说杭州的厂商都不错,每次提交的漏洞都能收到小礼物。 上一次提交了你们没有礼物,这次该有了吧? ### 详细说明: 官网:http://www.topxia.com git文件泄露: ``` http://www.topxia.com/.git/config ``` 如图: [<img src="https://images.seebug.org/upload/201512/20144408cadd0e1ddcac72840a71706063642b24.png" alt="2015-12-20_144356.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/20144408cadd0e1ddcac72840a71706063642b24.png) [<img src="https://images.seebug.org/upload/201512/20144514ec7f01af402d1a9f42402246b3d9341f.png" alt="2015-12-20_144502.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/20144514ec7f01af402d1a9f42402246b3d9341f.png) ### 漏洞证明: ``` [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = ssh://git@gitlab.howzhi.net:4411/topxia/topxia-site.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master ```