#6: SVN directory is viewable through Apache

Solved!
Contents of .svn directories, when located under an Apache web root, are viewable via a browser. This leads to potential exploits, as referenced by Adam Gotterer.

The hack obviously starts in the .svn directory, specifically at the entries file. You can access this file by browsing to:
http://www.somedomain.com/.svn/entries?

This document contains all of the files and folders svn manages in that directory. In some instances you can locate admin directories and the same thing applies…
http://www.somedomain.com/admin/.svn/entries?

So at this point all you have are a bunch of file names. Sometimes you can get some fun information and access to files that were meant to be hidden. Security by obscurity is not a solution; protect files you don't want the public to access!

Now this is where things get interesting… Any file that has been checked in, I can now execute, either directly or through an svn folder that holds file revisions. Pick any file in the list and browse to:
http://www.somedomain.com/.svn/text-base/filename.php.svn-base

... and so on.

Use httpd.conf to deny access to .svn files or redirect access

In particular:
RedirectMatch 404 /\.svn(/|$)
This will respond with a 404 every time a .svn directory is accessed by an HTTP client.
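Added example, not part of the original answer and not Apache's own code: a Python check of which request paths the RedirectMatch regex above will and will not catch (including the common mistake of a doubled backslash, which makes the pattern look for a literal backslash and so matches nothing), followed by a scan of constructed access-log lines to find out whether any .svn path was already served with a 200 before the rule went in. The log lines, IP addresses and file names are constructed for the example.

```python
import re

# The rule from the answer above, as it should appear in httpd.conf
# (a single backslash escapes the dot so it matches a literal "."):
#   RedirectMatch 404 /\.svn(/|$)
SVN_RULE = re.compile(r"/\.svn(/|$)")

# The same rule with a doubled backslash, an easy copy-paste or escaping
# mistake: the regex then wants "/\" plus any character before "svn",
# which no normal URL path contains, so the rule blocks nothing.
BROKEN_RULE = re.compile(r"/\\.svn(/|$)")


def would_return_404(path, rule=SVN_RULE):
    """True if RedirectMatch would answer this request path with a 404.

    RedirectMatch applies its regex to the URL path with a search (not a
    full-string match), so a .svn component anywhere in the path triggers
    it; the trailing (/|$) keeps names like /docs.svnfoo from matching.
    """
    return rule.search(path) is not None


# Combined Log Format sample lines, constructed for this example (not real traffic).
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [27/Jan/2009:11:30:01 +0000] "GET /index.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jan/2009:11:30:02 +0000] "GET /.svn/entries HTTP/1.1" 200 4102 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jan/2009:11:30:03 +0000] "GET /admin/.svn/entries HTTP/1.1" 200 980 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jan/2009:11:30:04 +0000] "GET /.svn/text-base/config.php.svn-base HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Jan/2009:11:31:10 +0000] "GET /svn-howto.html HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Jan/2009:11:31:11 +0000] "GET /.svn/entries HTTP/1.1" 404 209 "-" "curl/7.19.7"
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_svn_probes(log_text):
    """Return (ip, path, status) for every request that touched a .svn path.

    A 200 means the server actually served repository metadata; a 404
    means the RedirectMatch rule (or an equivalent deny) was in place.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        # RedirectMatch sees the path without the query string, so drop
        # the "?" the original post appends to its example URLs.
        path = m.group("path").split("?", 1)[0]
        if would_return_404(path):
            hits.append((m.group("ip"), path, int(m.group("status"))))
    return hits


def exposed_requests(log_text):
    """Only the probes that succeeded (2xx): the requests that leaked data."""
    return [h for h in find_svn_probes(log_text) if 200 <= h[2] < 300]


if __name__ == "__main__":
    for p in ("/.svn/entries", "/admin/.svn/entries", "/.svn",
              "/svn-howto.html", "/docs.svn/x"):
        print(f"{p:24} correct rule: {would_return_404(p)!s:5} "
              f"doubled-backslash rule: {would_return_404(p, BROKEN_RULE)}")
    for ip, path, status in exposed_requests(SAMPLE_ACCESS_LOG):
        print(f"served to {ip}: {path} ({status})")
```

Any 200 reported by `exposed_requests` is a path that was readable before the rule was added, which is the list worth reviewing for leaked source or credentials. The same regex can also be used in a `<DirectoryMatch>` block (linked at the bottom of this page) to deny the directory outright rather than redirecting, which is the stricter option since it also covers requests that RedirectMatch is not consulted for.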

Comments

  1. thanks!

    johnny on December 30, 2009, 04:39 AM UTC


Adam Gotterer - Hacking the .SVN directory

http://www.adamgotterer.com/2009/01/26/hacking-the-svn-directory/ - found by yliu on January 27, 2009, 11:38 AM UTC

original problem statement

core - Apache HTTP Server

http://httpd.apache.org/docs/2.2/mod/core.html - found by yliu on January 27, 2009, 11:35 AM UTC

DirectoryMatch syntax

mod_alias - Apache HTTP Server

http://httpd.apache.org/docs/2.2/mod/mod_alias.html - found by yliu on January 27, 2009, 11:33 AM UTC

RedirectMatch syntax