Sleepy Dragon · 2013/07/30 15:05

0x00 Introduction to SVN


Subversion, or SVN for short, is an open source version control system that, unlike RCS and CVS, uses a branch management model. It was designed as a replacement for CVS, and more and more version control services on the Internet are moving from CVS to Subversion.

Subversion’s official website is subversion.tigris.org/

Chinese websites: Subversion Chinese site, SVNBook Chinese version, Subversion Chinese community, Chinese SVN technical data.

These sites provide very detailed and diverse documentation that you can peruse if you have time.

Subversion uses a client-server structure, although server and client can run on the same machine. On the server side is the Subversion repository, which holds all of the controlled data. On the other side is the Subversion client program, which manages a local mapping of a portion of the controlled data (called a "working copy"). Between the two ends, access goes through multiple channels in the Repository Access (RA) layer; through these channels the repository can be operated on over different network protocols, such as HTTP or SSH, or through local files.

0x01 Installation Configuration


Install SVN

#yum install subversion

Check whether the installation is successful

#svnserve --version

If the version information is displayed, the installation was successful.

Create a repository

#svnadmin create /home/svn/repo

Set a password for SVN

Modify the configuration file /home/svn/repo/conf/svnserve.conf

#[general]

Remove the # in front of it.

The anonymous access permission can be read, write, or none. The default is read.

anon-access = none

The permission of an authenticated user can be read, write, or none. The default is write.

auth-access = write

Password database path

#password-db = passwd

Remove the # in front of it.

Modify the passwd configuration file

#vim /home/svn/repo/conf/passwd

Under [users], add a line with the user name, followed by = and the password:

[users]
name = password

Start the SVN server

For a single code repository:

#svnserve -d -r /home/svn --listen-host 192.168.1.100

The default SVN port is 3690. Open this port on the firewall:

/sbin/iptables -A INPUT -i eth0 -p tcp --dport 3690 -j ACCEPT
/sbin/service iptables save

Import the /var/www/html/ directory into the repo repository:

svn import /var/www/html/  file:///home/svn/repo  -m "test"


0x02 Security Problem


1. Checkout (produces a directory tree that includes the .svn folders)

svn co http://path [local directory full path] --username username --password password
svn co svn://path [local directory full path] --username username --password password
svn checkout http://path [local directory full path] --username username
svn checkout svn://path [local directory full path] --username username

If you omit --password, you will be prompted for the password; you are advised not to pass --password in plain text. Note that --username and --password are preceded by two hyphens, not one. If the full path of the local directory is not specified, the checkout goes into the current directory.

2. Export (produces a clean directory tree without the .svn folders)

svn export [-r revision] http://path [local directory full path] --username username
svn export [-r revision] svn://path [local directory full path] --username username
svn export [full path of a locally checked-out directory (with .svn folders)] [full path of the local directory to export to]

The first form exports a clean working directory tree from the repository by specifying a URL. If a revision number is given, that revision is exported; otherwise the latest revision is exported to the specified location. If the full path of the local directory is omitted, the last part of the URL is used as the name of the local directory. The second form takes the full path of a locally checked-out directory and exports it to the full path of the target local directory; all local changes are retained, but files not under version control (that is, new files that have not been committed, since the .svn folder holds no record of them) are not copied.

In real deployment environments, it is strongly recommended to use svn export instead of svn co.

Many administrators run svn co directly into the web directory, and this can lead to very serious problems.

It exposes the hidden .svn folder to the outside world, where attackers can use the "entries" file, which SVN uses for version tracking, to gradually map out the site structure.

The more serious problem is that the .svn directory also contains copies of the source files, stored with the .svn-base suffix (in older SVN versions under the text-base directory, in newer versions under the pristine directory). If the web server does not parse this suffix, an attacker can directly obtain the source code of the file.

If the server does parse the suffix, there may be a file parsing vulnerability or an extension parsing vulnerability; combined with an upload point, a file such as xxx.php.gif may be executed directly as a webshell.

If you do not want to delete the .svn directory, you can deny access to it in the web server configuration:

Note that from SVN 1.7 onwards, .svn/entries no longer contains the list of files and directories.

Apache:

<Directory ~ "\.svn">
Order allow,deny
Deny from all
</Directory>

Nginx:

location ~ ^(.*)\/\.svn\/ {
return 404;
}
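As an added example (not part of the original post), the following script audits the two points above from the defender's side: it parses an svnserve.conf body and flags settings weaker than the recommended anon-access = none with password-db enabled, and it walks a web root to find .svn metadata (entries, wc.db, *.svn-base pristine copies) that a web server would serve if the deny rules are missing. The sample configuration bodies and the sample web root are constructed inline.

```python
"""Pre-deployment audit for the two SVN risks discussed in this post (constructed
example, not the post's own code): flag weak svnserve.conf settings, and find
.svn metadata left under a web root that a web server would happily serve."""
import configparser
import os
import tempfile

# Sample svnserve.conf bodies (constructed): defaults left commented vs. hardened.
WEAK_CONF = "[general]\n# anon-access = read\n# auth-access = write\n# password-db = passwd\n"
FIXED_CONF = "[general]\nanon-access = none\nauth-access = write\npassword-db = passwd\n"

LEAK_NAMES = {"entries", "wc.db"}   # 1.6 index file / 1.7+ SQLite index
LEAK_SUFFIX = ".svn-base"           # pristine copy of a versioned source file


def audit_svnserve_conf(text):
    """Return findings for an svnserve.conf body; an empty list means hardened."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    general = cp["general"] if cp.has_section("general") else {}
    findings = []
    # A commented-out key is invisible to the parser, so a missing key means the
    # svnserve default applies: anonymous read access and no password database.
    anon = general.get("anon-access", "read").strip().lower()
    if anon != "none":
        findings.append(f"anon-access is '{anon}'; set anon-access = none")
    if "password-db" not in general:
        findings.append("password-db is commented out; enable password-db = passwd")
    return findings


def find_svn_leaks(webroot):
    """List .svn artefacts under webroot (relative paths) that leak structure or source."""
    leaks = []
    for dirpath, _dirs, files in os.walk(webroot):
        if ".svn" not in os.path.relpath(dirpath, webroot).split(os.sep):
            continue
        for name in files:
            if name in LEAK_NAMES or name.endswith(LEAK_SUFFIX):
                leaks.append(os.path.relpath(os.path.join(dirpath, name), webroot))
    return sorted(leaks)


def scan_sample_webroot():
    """Build a constructed web root that was deployed with 'svn co', then scan it."""
    root = tempfile.mkdtemp()
    pristine = os.path.join(root, ".svn", "pristine", "ab")
    os.makedirs(pristine)
    samples = {os.path.join(root, "index.php"): "<?php ?>\n",
               os.path.join(root, ".svn", "wc.db"): "constructed sqlite index\n",
               os.path.join(pristine, "abcd1234.svn-base"): "<?php /* pristine copy */ ?>\n"}
    for path, body in samples.items():
        with open(path, "w") as fh:
            fh.write(body)
    return find_svn_leaks(root)
```

Run find_svn_leaks against the real document root before going live; any path it reports is reachable unless the Apache or Nginx rule above is in place.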

Two scripts that use .svn/entries to display the directory structure of a website:

SVN traversal script.zip

There have been many incidents of SVN leaking website information on Wooyun, some of which even led to the collapse of the entire server:

WooYun: [Grand 180 days of Infiltration record] Chapter 4. SVN hunter (A server is corrupted due to SVN information leakage and design problems)

WooYun: Like an SVN leak, there is a risk of the database being dumped; think of CSDN....

WooYun: SVN information and SQL files in a branch of Youku are leaked

WooYun: The SVN information of an application on Taobao.com causes code leakage

WooYun: Is fresh Fruit going to lose all apps?
