I was recently testing a web application and hoping to find some interesting issues. In this write-up, I will tell you about a public .git folder I found on that website, how I managed to use that .git folder to retrieve back-end files leading to RCE, and a 4-digit bounty.