### 简要描述:
据说杭州的厂商都不错,每次提交的漏洞都能收到小礼物。
上一次提交了你们没有礼物,这次该有了吧?
### 详细说明:
官网:http://www.topxia.com
git文件泄露:
```
http://www.topxia.com/.git/config
```
如图:
[<img src="https://images.seebug.org/upload/201512/20144408cadd0e1ddcac72840a71706063642b24.png" alt="2015-12-20_144356.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/20144408cadd0e1ddcac72840a71706063642b24.png)
[<img src="https://images.seebug.org/upload/201512/20144514ec7f01af402d1a9f42402246b3d9341f.png" alt="2015-12-20_144502.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/20144514ec7f01af402d1a9f42402246b3d9341f.png)
### 漏洞证明:
```
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = ssh://git@gitlab.howzhi.net:4411/topxia/topxia-site.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
```
京公网安备 11010502034610号
暂无评论