When developers use SVN for version control, the site is automatically deployed. If the configuration is improper, the .svn folder may be deployed directly to the online environment. This caused the SVN leak vulnerability.
Version control tool: dvcs-ripper
https://github.com/kost/dvcs-rippeLinuxr
Note that running .pl
files under Linux need to be downloaded onlineperl
apt-get install perl
Switch to the working directory, perl xxx.pl can be executed
-
Scan the target URL first and confirm that the .svn is leaked, then use the rip-svn.pl script in the dvcs-ripper tool to clone.
For example:
index.html and svn directories are cloned -
svn/pristine/ The original files stored in the
.svn folder
pristine may contain backup files.
ps: Generally use: grep to find what you need in the backup file. For example:
cat wc.db | grep flag
However, it may happen that the binary file cannot be output to the terminal.
at this time;
cat wc.db | grep -a flag
Can
There are only so many operations that svn source code can do temporarily.