Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-01-21 01:14:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

Git insecure files renamed + svn method added

Browse source
This commit is contained in:
Swissky 2017-06-04 17:58:09 +02:00
parent 94470a2544
commit 2e75cbe25a
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
Git Svn insecure files/README.md → Insecured source code management/README.md
View file

@ -94,12 +94,18 @@ INSERT INTO "NODES" VALUES(1,'trunk/test.txt',0,'trunk',1,'trunk/test.txt',2,'no
``` ```
2. Download interesting files 2. Download interesting files
remove $sha1$ prefix remove \$sha1\$ prefix
add .svn-base postfix add .svn-base postfix
use first two signs from hash as folder name inside pristine/ directory (94 in this case) use first two signs from hash as folder name inside pristine/ directory (94 in this case)
create complete path, which will be: http://server/path_to_vulnerable_site/.svn/pristine/94/945a60e68acc693fcb74abadb588aac1a9135f62.svn-base create complete path, which will be: http://server/path_to_vulnerable_site/.svn/pristine/94/945a60e68acc693fcb74abadb588aac1a9135f62.svn-base
### Automatic way -
```
git clone https://github.com/anantshri/svn-extractor.git
python svn-extractor.py url “url with .svn available”
```
## Thanks to ## Thanks to
* bl4de, https://github.com/bl4de/research/tree/master/hidden_directories_leaks * bl4de, https://github.com/bl4de/research/tree/master/hidden_directories_leaks
* bl4de, https://github.com/bl4de/security-tools/tree/master/diggit * bl4de, https://github.com/bl4de/security-tools/tree/master/diggit