The hack obviously starts in the .svn directory, specifically at the entries file. You can access this file by browsing to:
This document lists all of the files and folders svn manages in that directory. In some instances you can locate admin directories, and the same thing applies…
So at this point all you have are a bunch of file names. Sometimes you can get some fun information and access to files that were meant to be hidden. Security by obscurity is not a solution; protect files you don’t want the public to access!
Now this is where things get interesting… Any file that has been checked in I can now execute, either directly or through an svn folder that holds file revisions. Pick any file in the list and browse to:
... and so on.
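A defender-side check for the exposure described above, as an added example that is not part of the original post: it walks a deployed web root and reports every .svn metadata directory, whether it still has its entries file, and how many files it holds. The sample tree, its file names and the `SvnFinding` type are constructed for illustration.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass
class SvnFinding:
    path: str          # .svn directory, relative to the web root
    has_entries: bool  # True if the 'entries' listing file is present
    file_count: int    # files stored anywhere under this .svn directory


def find_svn_metadata(web_root):
    """Return one SvnFinding per .svn directory found under web_root."""
    findings = []
    for current, dirs, _files in os.walk(web_root):
        if ".svn" not in dirs:
            continue
        svn_dir = os.path.join(current, ".svn")
        # Count everything svn keeps here; all of it is servable if not blocked.
        count = sum(len(files) for _, _, files in os.walk(svn_dir))
        findings.append(SvnFinding(
            path=os.path.relpath(svn_dir, web_root),
            has_entries=os.path.isfile(os.path.join(svn_dir, "entries")),
            file_count=count,
        ))
        dirs.remove(".svn")  # already counted; do not descend into it again
    return sorted(findings, key=lambda f: f.path)


def build_sample_root(base):
    """Constructed sample tree: a deployed site that still carries .svn data."""
    for rel in ("index.php", ".svn/entries", ".svn/copies/index.php.copy",
                "admin/login.php", "admin/.svn/entries", "static/site.css"):
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_root(root)
        for f in find_svn_metadata(root):
            print(f"{f.path}: entries={f.has_entries} files={f.file_count}")
```

Any finding means the site was deployed from a working copy; deploying from `svn export` output, or denying requests for `.svn` paths at the web server, closes the hole.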