Path Traversal in demon1a/discord-recon


Reported on

May 15th 2021

✍️ Description

Improper input validation in the truffleHog function allows scanning internal git directories for leaks.

urlHost = urlparse(argument).netloc
if urlHost != "" and urlHost != "":
    await ctx.send("**You're trying to scan unallowed URL, please use a github/gitlab URL.**")

The filter above does not check the URL scheme (http, file, https), so by using the following URL


(gitDirectory) should have a .git file in it so truffleHog can scan it.
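
A stricter check than the netloc-only filter quoted above, as an added example that is not part of the original report or the project's code. The allowlisted hosts are an assumption taken from the bot's error message, `netloc_only_check` and `is_allowed_repo_url` are hypothetical names, and the sample URLs are constructed.

```python
from urllib.parse import urlparse

# Assumption: hosts inferred from the bot's "github/gitlab" error message.
ALLOWED_HOSTS = {"github.com", "gitlab.com"}


def netloc_only_check(argument: str) -> bool:
    """Host-only filter in the style of the quoted snippet (weak)."""
    return urlparse(argument).netloc in ALLOWED_HOSTS


def is_allowed_repo_url(argument: str) -> bool:
    """Accept only https://<allowlisted host>/<owner>/<repo>[...]."""
    # Whitespace and control characters have no place in a repo URL.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in argument):
        return False
    try:
        parsed = urlparse(argument)
        port = parsed.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parsed.scheme != "https":  # rejects file://, http://, ssh://, ...
        return False
    if parsed.hostname not in ALLOWED_HOSTS:  # hostname excludes userinfo/port
        return False
    if parsed.username is not None or parsed.password is not None:
        return False
    if port not in (None, 443):
        return False
    segments = [s for s in parsed.path.split("/") if s]
    return len(segments) >= 2 and ".." not in segments


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the report.
    for url in (
        "https://github.com/demon1a/discord-recon",
        "file://github.com/srv/repos/example",
        "http://gitlab.com/group/project",
        "https://github.com/owner-only",
    ):
        print(f"{url!s:45} weak={netloc_only_check(url)} "
              f"strict={is_allowed_repo_url(url)}")
```

The host comparison alone accepts any scheme, which is why the strict version pins the scheme before looking at the host.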

🕵️‍♂️ Proof of Concept

1- Set up a Discord-Recon server in your Discord, then make a git repo folder that contains leaks
2- Use 'file://'

💥 Impact

This vulnerability allows scanning internal repos for leaks; however, the impact is low since you need to know the path of the gitDirectory.
