How a ‘.git’ file Leads to Zendesk Panel Takeover


In the name of Allah, the Most Gracious, the Most Merciful

Greetings, hackers! In my recent pentest engagement at BugSwagger, join me as I walk through how I discovered an exposed ‘.git’ path that let me take over the admin's Zendesk panel.

Introduction

This short writeup highlights a critical vulnerability: a git repository exposed on a web server. It allows unauthorized actors to retrieve the entire source codebase with a single command and, using the credentials found inside it, gain full access to the Zendesk panel.

Using the command below we can dump the exposed .git directory with the goop tool:

goop https://uat1-middleware.REDACTED.com/.git

The downloaded source code contains a file named zendesk_functions.php that houses sensitive credentials in plain text:

<?php
// Zendesk API credentials hardcoded as PHP constants (values redacted)
define("ZENDESK_API_USERNAME", "REDACTED@REDACTED.com");
define("ZENDESK_API_PASSWORD", "REDACTED_PASSWORD");
define("ZENDESK_API_URL", "https://yourcompany.zendesk.com/api/v2/tickets.json");

To confirm those credentials, I went to https://www.zendesk.com/login/ and logged in with them. As you can see below, this gave full admin panel access without any restrictions.
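As an added example (not part of the original writeup or of any tool it mentions), the following Python script shows two defender-side checks for this class of issue: whether a host you own serves a real .git/HEAD file, and whether PHP source contains credential-like define() constants such as the ones found in zendesk_functions.php. The sample HEAD body and PHP file are constructed, and check_url and the regexes are my own.

```python
import re
from urllib.request import Request, urlopen
from urllib.error import HTTPError, URLError

# A real .git/HEAD is either "ref: refs/heads/<branch>" or a detached 40-hex commit id.
# An HTML error page served with status 200 will not match this.
GIT_HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40})\s*$")

# PHP define() of a constant whose name suggests a credential.
PHP_SECRET_DEFINE_RE = re.compile(
    r'define\(\s*["\'](?P<name>[A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN|API_KEY)[A-Z0-9_]*)["\']'
    r'\s*,\s*["\'](?P<value>[^"\']*)["\']',
    re.IGNORECASE,
)


def git_head_exposed(status, body):
    """True when a response for /.git/HEAD looks like a genuine git HEAD file."""
    if status != 200:
        return False
    return bool(GIT_HEAD_RE.match(body.strip()))


def check_url(base_url, timeout=5):
    """Fetch <base_url>/.git/HEAD on a host you own and report whether the repo is exposed."""
    req = Request(base_url.rstrip("/") + "/.git/HEAD", headers={"User-Agent": "git-exposure-check"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return git_head_exposed(resp.status, resp.read(512).decode("utf-8", "replace"))
    except HTTPError as e:
        return git_head_exposed(e.code, "")  # 403/404 means the directory is blocked
    except URLError:
        return False


def find_php_secret_defines(source):
    """Return (constant_name, value) pairs for credential-like define() calls in PHP source."""
    return [(m.group("name"), m.group("value")) for m in PHP_SECRET_DEFINE_RE.finditer(source)]


# Constructed samples: an exposed server's HEAD file and a leaked PHP config like the one above.
SAMPLE_HEAD_BODY = "ref: refs/heads/master\n"
SAMPLE_PHP = '''<?php
define("ZENDESK_API_USERNAME", "user@example.com");
define("ZENDESK_API_PASSWORD", "hunter2");
define("ZENDESK_API_URL", "https://yourcompany.zendesk.com/api/v2/tickets.json");
'''

if __name__ == "__main__":
    print("HEAD exposed:", git_head_exposed(200, SAMPLE_HEAD_BODY))
    for name, value in find_php_secret_defines(SAMPLE_PHP):
        print(f"hardcoded credential in {name}: {value[:2]}***")
```

The same regex scan can run as a pre-commit hook so that a leaked repository never contains live credentials in the first place.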


Written by Abdelrhman Allam (sl4x0)

Security Researcher @Bugcrowd | Twitter: @sl4x0
