id: svn-wc-db info: name: SVN wc.db File Exposure author: Hardik-Solanki,R12W4N severity: medium reference: - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt - https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/svn_wcdb_scanner.rb - https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761 metadata: verified: true google-query: intitle:"index of" "wc.db" tags: msf,exposure,svn,config,files requests: - method: GET path: - "{{BaseURL}}/.svn/wc.db" - "{{BaseURL}}/wc.db" stop-at-first-match: true max-size: 10000 matchers-condition: and matchers: - type: word part: body words: - 'SQLite format' - 'WCROOT' condition: and - type: status status: - 200