Struggling with GCSx CoCo?

GCSx CoCo compliance isn't easy, especially given current financial pressures. Visit our GCSx CoCo Health Check section to find out how we can help you comply with CoCo 4.1 while saving money.

Contact Us

• Home
 
• Resources
 
• Releases

Releases

Subverted – A tool for extracting source code from web sites.

This tool exploits an obscure but publicly known vulnerability that occurs when a subversion repository is uploaded to a web page. Subversion uses a .svn folder structure, inside of which exist several files including .svn/entries and a backup of each file in the subversion checkout. Subverted parses the entries file for files and further subdirectories to add to a queue. When a file is found it’s added to a list, displayed at the end. The output can be redirected to a file which can then be passed to a download manager to pull down the svn-base backups. This works because most HTTP servers will serve a file with a .svn-base extension as plain text or HTML. To resolve this vulnerability, one can either remove the .svn directory or change permissions accordingly, or alternatively use something like .htaccess to block access to the entries files and files with a .svn-base extension.

To download Subverted – please click here.