Exposed .git to bitbucket account owner’s all repository access!


During an investigation I found an open .git directory, so I could use GitTools to pull the source code of the website. Simple, right?

But let’s extend the scope! On visiting /.git/config, I saw a repository link like the one below, with the credentials embedded in the remote URL:

https://username:secret_key@bitbucket.org/workspace_name/repo_name.git
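A defender looking at the same finding wants two things: a quick way to tell whether a repository’s config embeds credentials in its remote URL, and a sanitised copy with the userinfo stripped so the URL can stay while the secret moves to a credential helper. The script below is an added example for this write-up, not the author’s tool; the `.git/config` text it scans is constructed, and the user name and key in it are placeholders.

```python
"""Scan a .git/config for remote URLs that embed credentials and emit a
sanitised copy. Added example for this write-up; not part of BitBucketDumper."""
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample .git/config; "username" and "secret_key" are placeholders.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tbare = false
[remote "origin"]
\turl = https://username:secret_key@bitbucket.org/workspace_name/repo_name.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@github.com:example/repo.git
"""

SECTION_RE = re.compile(r'^\s*\[([^\]]+)\]\s*$')
KEYVAL_RE = re.compile(r'^\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$')
REMOTE_NAME_RE = re.compile(r'^remote\s+"([^"]+)"$')


def parse_git_config(text):
    """Return [(section, key, value), ...] from an INI-style git config."""
    entries, section = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(('#', ';')):
            continue  # blank line or comment
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = KEYVAL_RE.match(line)
        if m and section is not None:
            entries.append((section, m.group(1), m.group(2)))
    return entries


def strip_userinfo(url):
    """Return url with any user:password@ part removed from the netloc."""
    p = urlsplit(url)
    host = p.hostname or ''
    if p.port:
        host = f'{host}:{p.port}'
    return urlunsplit((p.scheme, host, p.path, p.query, p.fragment))


def find_embedded_credentials(text):
    """Flag remote URLs whose userinfo carries a password.

    scp-style URLs such as git@host:path have no scheme and are skipped;
    they do not carry a secret in the URL itself."""
    findings = []
    for section, key, value in parse_git_config(text):
        if key != 'url':
            continue
        p = urlsplit(value)
        if p.scheme in ('http', 'https') and p.password is not None:
            remote = REMOTE_NAME_RE.match(section)
            findings.append({
                'remote': remote.group(1) if remote else section,
                'host': p.hostname,
                'username': p.username,
                'sanitised_url': strip_userinfo(value),
            })
    return findings


def sanitise_config(text):
    """Rewrite the config with credentials stripped from remote URLs."""
    out = []
    for line in text.splitlines():
        m = KEYVAL_RE.match(line)
        if m and m.group(1) == 'url':
            p = urlsplit(m.group(2))
            if p.scheme in ('http', 'https') and p.password is not None:
                line = line.replace(m.group(2), strip_userinfo(m.group(2)))
        out.append(line)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    for f in find_embedded_credentials(SAMPLE_GIT_CONFIG):
        print(f"remote '{f['remote']}' on {f['host']} embeds a password for user {f['username']}")
    print(sanitise_config(SAMPLE_GIT_CONFIG))
```

Run it against a real checkout with `sanitise_config(open('.git/config').read())`. The finding here is the same one the write-up reports, viewed from the other side: the exposed directory is the transport, but the credential in the URL is what turns a source-code leak into access to every repository the account can reach. Keeping the remote URL free of userinfo (a credential helper or the `GIT_ASKPASS` mechanism holds the secret instead) and denying web access to `/.git/` remove both halves of the problem.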

Interesting! Let’s check out the Bitbucket API documentation.

First, let’s try to list all the repositories:

curl -u "<username>:<secret_key>" -s "https://api.bitbucket.org/2.0/repositories/<workspace_name>?sort=-updated_on&page=1" | grep -o 'https://[^.]*@bitbucket.org/[^.]*\.git'

You can change the page number in the request to get more repositories. Let’s try to clone one of the repositories.

It Works!

Let’s automate the process. I have shared the mass tool on my GitHub:

https://github.com/mahmud0x/BitBucketDumper
