nuclei-templates/http/exposures/files/svn-wc-db.yaml

id: svn-wc-db

info:
  name: SVN wc.db File Exposure
  author: Hardik-Solanki,R12W4N
  severity: medium
  reference:
    - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
    - https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/svn_wcdb_scanner.rb
    - https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761
  metadata:
    verified: true
    google-query: intitle:"index of" "wc.db"
  tags: msf,exposure,svn,config,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/.svn/wc.db"
      - "{{BaseURL}}/wc.db"

    stop-at-first-match: true
    max-size: 10000
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'SQLite format'
          - 'WCROOT'
        condition: and

      - type: status
        status:
          - 200
Create svn-wc-db.yaml 2022-12-10 13:52:24 +00:00			`id: svn-wc-db`

			`info:`
			`name: SVN wc.db File Exposure`
fixed-template 2023-03-02 10:05:55 +00:00			`author: Hardik-Solanki,R12W4N`
			`severity: medium`
Create svn-wc-db.yaml 2022-12-10 13:52:24 +00:00			`reference:`
			`- https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt`
			`- https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/svn_wcdb_scanner.rb`
Update svn-wc-db.yaml Most of the time wc.db file is big in size, response from the web server may take time, could lead to content deadline exceeded error, even if the wc.db file exist. So I change the HTTP Method to HEAD Also, I change the rating to High because it could lead to source code disclosure. I cross verified with one of my target, current template does not work, so here is the revised one. Reference: https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761 2023-02-13 10:47:37 +00:00			`- https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761`
Update svn-wc-db.yaml 2022-12-12 18:19:02 +00:00			`metadata:`
			`verified: true`
			`google-query: intitle:"index of" "wc.db"`
Auto Generated CVE annotations [Thu Jan 5 11:21:19 UTC 2023] :robot: 2023-01-05 11:21:19 +00:00			`tags: msf,exposure,svn,config,files`
Create svn-wc-db.yaml 2022-12-10 13:52:24 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
reverted to GET 2023-03-06 07:44:46 +00:00			`- method: GET`
Create svn-wc-db.yaml 2022-12-10 13:52:24 +00:00			`path:`
			`- "{{BaseURL}}/.svn/wc.db"`
fixed-template 2023-03-02 10:05:55 +00:00			`- "{{BaseURL}}/wc.db"`
Create svn-wc-db.yaml 2022-12-10 13:52:24 +00:00
fixed-template 2023-03-02 10:05:55 +00:00			`stop-at-first-match: true`
			`max-size: 10000`
Update svn-wc-db.yaml 2023-03-06 07:37:51 +00:00			`matchers-condition: and`
Create svn-wc-db.yaml 2022-12-10 13:52:24 +00:00			`matchers:`
Update svn-wc-db.yaml 2023-03-06 07:37:51 +00:00			`- type: word`
			`part: body`
			`words:`
			`- 'SQLite format'`
			`- 'WCROOT'`
			`condition: and`

Create svn-wc-db.yaml 2022-12-10 13:52:24 +00:00			`- type: status`
			`status:`
			`- 200`