
Date: Wed, 26 Apr 2023 06:32:06 +0000
From: Repo Lookout Reporter <reporter@repo-lookout.org>
To: nabijaczleweli@nabijaczleweli.xyz
Subject: Security vulnerability on host "lfs.nabijaczleweli.xyz"
HOST: lfs.nabijaczleweli.xyz
UUID: 3c4e784dda3
---------------------------------------------------------------------------
Hello there,
OUR SECURITY SCANNER "REPO LOOKOUT" HAS FOUND A VULNERABILITY ON A HOST FOR
WHICH YOU ARE LISTED AS THE CONTACT!
Repo Lookout is a non-commercial project to find inadvertently publicly
exposed source code repositories.
# DETAILS
The following URL was world-readable at the time of scanning (Mar 22 '23):
- https://lfs.nabijaczleweli.xyz/0013-AMIX-fonts/amix.fonts.fulldump/.git
This allows (at least partial) access to the site's underlying source code
repository.
For instance, the last 5 code commits have been:
- 544c3ed5: commit: Add README
- 5faaba41: commit (amend): Ready for release
- fa4ae8b3: commit: Ready for release
- 38529d9c: commit: All done pretty much, sans the actual character mappings :0
- 75bc9d28: commit: Correctly trim charname in 01extract
Such access to the repository could give an attacker insight into the
structure of the site (e.g. hidden functionality, critical bugs, or
credentials to third-party services) and enable downstream attacks (e.g.
data leakage, phishing, and extortion).
IT IS HIGHLY RECOMMENDED TO DISABLE ACCESS TO THE SOURCE CODE REPOSITORY!
# WHAT IS "REPO LOOKOUT"?
Repo Lookout is a large-scale security scanner, with a single purpose: Find
source code repositories that have been inadvertently exposed to the public
and report them to the domain's technical contact.
Visit https://www.repo-lookout.org/ to learn more about the project.
# SPONSORING
If you found this vulnerability report useful, please consider supporting
the project by becoming a sponsor on Ko-fi (https://ko-fi.com/repolookout).
Thank you very much!
Best regards,
The "Repo Lookout" Team
---------------------------------------------------------------------------
Copyright 2022–23
Crissy Field GmbH (https://www.crissyfield.de/)
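The report above lists commit hashes and messages taken from a world-readable `.git` directory. The following is an added example, not Repo Lookout's code (the report does not describe the scanner's method), showing how such an exposure yields history over plain HTTP: read `.git/HEAD`, resolve the branch ref (loose ref file, or `packed-refs` as a fallback), then zlib-decompress loose commit objects and follow `parent` links, the way `git log` does locally. It runs offline against a constructed in-memory repository; `http_fetch` is an assumed helper for pointing the same walker at a live base URL. Objects that live only inside a packfile are out of scope here, so the walk stops at the first one it cannot fetch.

```python
"""Walk commit history out of an exposed .git directory (added example).

The object store is abstracted behind fetch(path) -> bytes | None so the same
walker runs against a constructed in-memory repository or a live URL.
"""
import hashlib
import re
import zlib

HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40})$")


def git_object(kind, body):
    """Encode a loose git object; returns (sha1 hex, zlib-compressed bytes).
    git hashes the uncompressed "<kind> <len>\\0<body>" form."""
    raw = b"%s %d\0%s" % (kind.encode(), len(body), body)
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)


def parse_commit(compressed):
    """Decode a loose commit object into tree, parents and message."""
    raw = zlib.decompress(compressed)
    header, _, body = raw.partition(b"\0")
    kind, _, size = header.partition(b" ")
    if kind != b"commit" or int(size) != len(body):
        raise ValueError("not a well-formed loose commit object")
    headers, _, message = body.partition(b"\n\n")
    tree, parents = None, []
    for line in headers.split(b"\n"):
        key, _, value = line.partition(b" ")
        if key == b"tree":
            tree = value.decode()
        elif key == b"parent":
            parents.append(value.decode())
    return {"tree": tree, "parents": parents,
            "message": message.decode(errors="replace")}


def is_exposed(fetch):
    """True only if .git/HEAD exists AND looks like a HEAD file; a catch-all
    HTTP 200 page (common on misconfigured hosts) must not count as a hit."""
    head = fetch(".git/HEAD")
    return head is not None and HEAD_RE.match(
        head.decode(errors="replace").strip()) is not None


def resolve_head(fetch):
    """Return the commit sha HEAD points at (loose ref, then packed-refs)."""
    head = fetch(".git/HEAD").decode().strip()
    if not head.startswith("ref: "):
        return head  # detached HEAD holds the sha directly
    ref = head[5:]
    data = fetch(".git/" + ref)
    if data is not None:
        return data.decode().strip()
    for line in (fetch(".git/packed-refs") or b"").decode().splitlines():
        if line.endswith(" " + ref):  # "<sha> refs/heads/<name>"
            return line.split()[0]
    raise LookupError(ref)


def recent_commits(fetch, limit=5):
    """Newest-first list of (short sha, subject) following first parents."""
    sha, out = resolve_head(fetch), []
    while sha and len(out) < limit:
        blob = fetch(".git/objects/%s/%s" % (sha[:2], sha[2:]))
        if blob is None:
            break  # only in a packfile; stop rather than guess
        commit = parse_commit(blob)
        out.append((sha[:8], (commit["message"].splitlines() or [""])[0]))
        sha = commit["parents"][0] if commit["parents"] else None
    return out


def http_fetch(base_url):
    """Assumed helper: fetch(path) over HTTP, None on 404 (not used offline)."""
    import urllib.error
    import urllib.request

    def fetch(path):
        try:
            with urllib.request.urlopen(base_url.rstrip("/") + "/" + path,
                                        timeout=10) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            if err.code == 404:
                return None
            raise
    return fetch


def build_sample_repo():
    """Constructed in-memory .git with four chained commits (sample data)."""
    files, shas, parent = {}, [], None
    tree = hashlib.sha1(b"tree 0\0").hexdigest()  # the empty tree
    for subject in ["Initial import", "Add build script",
                    "Add config with database password", "Ready for release"]:
        hdr = "tree %s\n" % tree
        if parent:
            hdr += "parent %s\n" % parent
        hdr += ("author A <a@example.invalid> 0 +0000\n"
                "committer A <a@example.invalid> 0 +0000\n")
        sha, comp = git_object("commit", (hdr + "\n" + subject + "\n").encode())
        files[".git/objects/%s/%s" % (sha[:2], sha[2:])] = comp
        shas.append(sha)
        parent = sha
    files[".git/HEAD"] = b"ref: refs/heads/master\n"
    files[".git/refs/heads/master"] = (parent + "\n").encode()
    return files, shas


if __name__ == "__main__":
    repo, _ = build_sample_repo()
    fetch = lambda path: repo.get(path)  # swap for http_fetch("https://host/")
    if is_exposed(fetch):
        for short, subject in recent_commits(fetch):
            print("- %s: %s" % (short, subject))
```

The `is_exposed` check deliberately validates the content of `HEAD` rather than trusting a 200 status, since servers that answer every path with a landing page would otherwise produce false positives. The fix the report asks for is a web-server rule that denies any request whose path contains `/.git` (or serving the site from an export that never contained the directory); once that is in place, `is_exposed` returns False and the walk above cannot start.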
