Update svn-wc-db.yaml

Most of the time wc.db file is big in size, response from the web server may take time, could lead to content deadline exceeded error, even if the wc.db file exist. So I change the HTTP Method to HEAD Also, I change the rating to High because it could lead to source code disclosure. I cross verified with one of my target, current template does not work, so here is the revised one. Reference: https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761
2023-02-13 16:17:37 +05:30 · 2023-02-13 16:17:37 +05:30 · 239f8d6b6d
parent 7ef7d8439d
commit 239f8d6b6d
1 changed files with 4 additions and 11 deletions
--- a/exposures/files/svn-wc-db.yaml
+++ b/exposures/files/svn-wc-db.yaml
@ -2,30 +2,23 @@ id: svn-wc-db

 info:
  name: SVN wc.db File Exposure
-  author: Hardik-Solanki
-  severity: medium
+  author: Hardik-Solanki, R12W4N
+  severity: High
  reference:
    - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
    - https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/svn_wcdb_scanner.rb
+    - https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761
  metadata:
    verified: true
    google-query: intitle:"index of" "wc.db"
  tags: msf,exposure,svn,config,files

 requests:
-  - method: GET
+  - method: HEAD
    path:
      - "{{BaseURL}}/.svn/wc.db"

-    matchers-condition: and
    matchers:
-      - type: word
-        part: body
-        words:
-          - 'SQLite format'
-          - 'WCROOT'
-        condition: and
-
      - type: status
        status:
          - 200