ODINT
← Back to Cyber Tours

Government GitLab

Ecuador Government GitLab (minka.gob.ec) — Raw Dump

Summary

Method: GitLab API v4 (public, unauthenticated)

What is minka.gob.ec?

Ecuador's government GitLab instance — hosts source code for government applications, digital signature systems, document management, e-government platforms, COVID apps, and the standardized WordPress theme/plugins deployed across all government websites.

Key Government Groups (73 total public groups)

Group ID Description Parent
Gobierno Electrónico 411 Main e-Government group mintel
MINTEL 408 Ministry of Telecommunications root
FirmaEC 417 National digital signature system mintel/ge
Plataforma Gob.EC 953 National gov platform (RUTR) mintel/ge
Quipux 580 National document management system mintel/ge
QuipuxEC 5500 Next-gen Quipux mintel/ge/quipux
Quipux Comunitario 4680 Community edition of Quipux root
Portales Homologados 667 Standardized gov WordPress templates mintel/ge
Coronavirus 3706 COVID-19 digital response apps mintel/ge
BuzonEC 6018 Government inbox/mailbox system mintel/ge
Dialogo 2.0 3122 Citizen participation platform mintel/ge
CSIRT APLICATIVO 25832 CSIRT application code mintel/ge
Software Público 1631 Public software strategy mintel/ge
E-Learning 3000 Government e-learning platform mintel/ge
CTI 462 IT procurement system mintel/ge
Ministerio de Educación 4461 Ministry of Education DNTICS root
MREMH 6030 Ministry of Foreign Affairs root
SERCOP 5045 National Public Procurement Service root
DeskOS 1057 Ecuadorian Linux distribution root
EPMAPASC 5003 Santa Cruz Municipal Water root
Grouphacking 284 Cybersecurity research group root

E-Government Projects (29 repos in mintel/ge)

ID Project Description
158 quipux-app Core Quipux document management system (403 — private)
237 quipux-datos Quipux data versioning
236 quipux-servicios Quipux services
560 quipuxec-docs QuipuxEC documentation
2543 quipuxcomunitario Quipux community edition
400 firmadigital-libreria Digital signature core library (8 stars, 47 forks)
129 firmadigital-servicio Digital signature service (11 stars, 6 forks)
128 firmadigital-api Digital signature API (10 stars, 6 forks)
387 firmadigital-tester Signature integration tester
250 firmadigital-drupal FirmaEC Drupal module
216 gobec Core gov platform — manages tramites, institutions, regulations
214 gobec_platform Gov platform installer (RUTR)
212 gobec_theme Gov platform Drupal theme
210 prototipo Platform prototype
384 gobec_forms Digital procedure forms
382 gobec_feedback Citizen feedback module
315 gobec_search Procedure search (contains SQL)
569 gobec_vaccination Universal vaccination module
568 gobec_frm_location Geographic location combos (provinces/cantons/parishes)
415 gobec_planning Economic diagnosis and planning
150 cti-app IT procurement system
409 consul Customized Consul citizen participation platform
423 coronavirus_app COVID-19 mobile app
422 coronavirus_drupal COVID Drupal module
404 moodle-theme E-learning Moodle theme
675 curso-quipux-ciudadanos Quipux citizen training
207 estandares E-government standards
234 inventario-software-publico Public software inventory (Odoo module)
677 buzonec-prototype BuzonEC prototype

Oraculo Plugin — Full Source Code Analysis

Location

minka.gob.ec/Quinaluisa/traduccion (Project ID: 230) Path: SOURCE/themes/Sitio-32/plugins/oraculo/oraculo.php

Repository Stats

  • 575.4 MB storage
  • 7 commits, 1 branch
  • Contains: Sitio-32, Sitio-328, Sitio-32_old government themes
  • License: All rights reserved

Hardcoded Credentials (CONFIRMED)

Password: SNAPsitio30v
Salt: ALRTOPER984TNMGDGFDH

Used in MCrypt encrypt()/decrypt() functions within the oraculo plugin.

Plugin Functionality

  • Centralized content management for all government WordPress sites
  • Remote server synchronization (headers, banners, videos, menus)
  • Database connectivity
  • Image header management
  • Mobile device detection (bundled Mobile-Detect 2.8.17)
  • MCrypt-based encryption (deprecated)

SQL Injection Vectors (CONFIRMED)

ajax_selects.php:

$id = $_POST['identificador'];
// Direct concatenation into SQL:
"...where relacion=" . $id . "..."

procesarContacto.php:

$nombre = $_POST['nombre'];
// Direct interpolation:
"INSERT INTO contacto (nombre, apellido, cedula...) VALUES('$nombre','$apellido'..."

Additional Vulnerabilities

  • No CSRF protection on any form handler
  • No input validation/sanitization
  • Unsafe email headers (header injection possible)
  • Error messages may leak database structure
  • MCrypt deprecated since PHP 7.1

Sitio-32 Theme File Tree (Government Standard WordPress Theme)

PHP Files

Sitio-32/
├── accesibilidad.php
├── archive.php
├── biblioteca.php
├── boletines.php
├── car_download.inc.php
├── car_download_resoluciones.inc.php
├── category.php
├── comments.php
├── comunicacion.php
├── content-aside.php
├── content-audio.php
├── content-footer.php
├── content-gallery.php
├── content-header.php
├── content-image.php
├── content-link.php
├── content-none.php
├── content-quote.php
├── content-status.php
├── content-video.php
├── content.php
├── ajax/
│   ├── ajax_selects.php (SQL INJECTION)
│   ├── categoryDownload.php
│   ├── contactoWeb.php
│   └── procesarContacto.php (SQL INJECTION + MAIL INJECTION)
├── plugins/
│   ├── banner-ads-rotator/
│   └── oraculo/
│       ├── oraculo.php (HARDCODED CREDS)
│       └── Mobile-Detect-2.8.17/
├── oraculo/ (header images)
├── css/
├── cssmenu/
├── filex/
├── fonts/
├── images/
├── img/
├── inc/
├── js/
├── library/
├── logdesc/
└── page-templates/

Also contains Sitio-328 (updated version) and Sitio-32_old (archived).

Other Notable Repos/Groups

CSIRT APLICATIVO (Group 25832)

  • Ecuador's CSIRT has application code on public GitLab
  • Under mintel/ge namespace
  • Subprojects not yet enumerated

Grouphacking (Group 284)

  • "investigar, compartir noticias e información, analizar, crear, desarrollar herramientas de hacking o Ciberseguridad"
  • Public cybersecurity research group on government infrastructure

DeskOS (Groups 76, 1057)

  • "DeskOS: Una distribución ecuatoriana para entorno profesional"
  • Ecuadorian Linux distribution project

SERCOP / FirmaEC

  • National Public Procurement Service has its own FirmaEC integration
  • Multiple organizations forking the digital signature libraries

Spam/Abuse Problem

The GitLab instance has significant spam account infiltration:

  • Multiple accounts with random names (Kina Lombardo, Reginald Mosher, Kendrick Pinckney, etc.)
  • Projects with random names and high issue counts (likely spam)
  • Law firm, marketing, pharmaceutical spam groups
  • Vietnamese spam accounts
  • Indicates weak registration controls on government infrastructure

© 2026 Observatory for Digital Infrastructure and Network Transparency. Independent nonprofit.

Home | Privacy | Terms