Update svn-wc-db.yaml

Most of the time the wc.db file is big in size, so the response from the web server may take time, which could lead to a content deadline exceeded error even if the wc.db file exists.
So I changed the HTTP method to HEAD.
Also, I changed the rating to High because it could lead to source code disclosure.
I cross-verified with one of my targets; the current template does not work, so here is the revised one.
Reference: https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761
patch-1
Rizwan Syed 2023-02-13 16:17:37 +05:30 committed by GitHub
parent 7ef7d8439d
commit 239f8d6b6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 11 deletions


@ -2,30 +2,23 @@ id: svn-wc-db
info:
name: SVN wc.db File Exposure
author: Hardik-Solanki
severity: medium
author: Hardik-Solanki, R12W4N
severity: High
reference:
- https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
- https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/svn_wcdb_scanner.rb
- https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761
metadata:
verified: true
google-query: intitle:"index of" "wc.db"
tags: msf,exposure,svn,config,files
requests:
- method: GET
- method: HEAD
path:
- "{{BaseURL}}/.svn/wc.db"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'SQLite format'
- 'WCROOT'
condition: and
- type: status
status:
- 200
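Review bot: Switching the request to `- method: HEAD` removes the only content check this template has. A HEAD response carries no body, so the `part: body` word matcher for 'SQLite format' and 'WCROOT' can never match. If that matcher is dropped along with the GET (the 11 deletions in the summary suggest it is), detection rests on `status: 200` alone, which fires on any host that answers 200 for unknown paths or serves a custom error page at `/.svn/wc.db`. That is a poor fit for a template marked `verified: true` and raised to high severity. To avoid the timeout on large files without losing the check, either keep GET and bound how much of the response is read, or keep HEAD and add a header matcher (for example on the content type or a non-trivial content length) next to the status matcher. On style, `severity: High` should stay lowercase as `high`, matching the `medium` value it replaces.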