daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/exposures/files/svn-wc-db.yaml

43 lines
1.2 KiB
YAML
Raw Normal View History

Create svn-wc-db.yaml
2022-12-10 13:52:24 +00:00
id: svn-wc-db
info:
name: SVN wc.db File Exposure
fixed-template
2023-03-02 10:05:55 +00:00
author: Hardik-Solanki,R12W4N
severity: medium
Updated descriptions of template
2024-01-02 16:16:15 +00:00
description: SVN wc.db file is exposed.
Create svn-wc-db.yaml
2022-12-10 13:52:24 +00:00
reference:
- https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
- https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/svn_wcdb_scanner.rb
Update svn-wc-db.yaml Most of the time wc.db file is big in size, response from the web server may take time, could lead to content deadline exceeded error, even if the wc.db file exist. So I change the HTTP Method to HEAD Also, I change the rating to High because it could lead to source code disclosure. I cross verified with one of my target, current template does not work, so here is the revised one. Reference: https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761
2023-02-13 10:47:37 +00:00
- https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761
Fix classification Fix classification
2024-09-10 09:08:16 +00:00
classification:
cpe: cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
Update svn-wc-db.yaml
2022-12-12 18:19:02 +00:00
metadata:
verified: true
templateman update
2023-10-14 11:27:55 +00:00
max-request: 2
Add missing cpes Added missing cpes
2024-09-10 08:22:50 +00:00
vendor: apache
Fix classification Fix classification
2024-09-10 09:08:16 +00:00
product: subversion
google-query: intitle:"index of" "wc.db"
Auto Generated CVE annotations [Thu Jan 5 11:21:19 UTC 2023] :robot:
2023-01-05 11:21:19 +00:00
tags: msf,exposure,svn,config,files
Create svn-wc-db.yaml
2022-12-10 13:52:24 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
reverted to GET
2023-03-06 07:44:46 +00:00
- method: GET
Create svn-wc-db.yaml
2022-12-10 13:52:24 +00:00
path:
- "{{BaseURL}}/.svn/wc.db"
fixed-template
2023-03-02 10:05:55 +00:00
- "{{BaseURL}}/wc.db"
Create svn-wc-db.yaml
2022-12-10 13:52:24 +00:00
fixed-template
2023-03-02 10:05:55 +00:00
stop-at-first-match: true
max-size: 10000
templateman update
2023-10-14 11:27:55 +00:00
Update svn-wc-db.yaml
2023-03-06 07:37:51 +00:00
matchers-condition: and
Create svn-wc-db.yaml
2022-12-10 13:52:24 +00:00
matchers:
Update svn-wc-db.yaml
2023-03-06 07:37:51 +00:00
- type: word
part: body
words:
- 'SQLite format'
- 'WCROOT'
condition: and
Create svn-wc-db.yaml
2022-12-10 13:52:24 +00:00
- type: status
status:
- 200
chore: sign templates 🤖
2024-09-12 05:14:01 +00:00
# digest: 4a0a00473045022100c79c1f3bd981203f5a2f4d6caee7ecd23d126216523d8728a3f1d9f95b20703f02202a62693f5cd6bcbc0573acd14a25f5d4bc62f53719a57ec7f543870f6ae42496:922c64590222798bb761d5b6d8e72950