Acunetix Web Vulnerability Scanner Parses Version Control Systems
- Thursday, March 22, 2012, 7:01
- Articles, Threat Research
A lot of developers use version control systems such as SVN (Apache Subversion) and Git to track changes in their source code. These tools are essential for organizations with multi-developer projects. Most version control systems create hidden internal directories that typically contain extensive information about the files and directories stored in the current directory; as you might have already guessed, this includes sensitive and confidential information. However, when developers publish website files from these systems to live servers, they sometimes forget to delete these directories or to restrict access to them. This practice poses a very high security risk to the company.
During a web application security scan, Acunetix WVS looks for these types of directories and alerts the user if they are discovered. Acunetix WVS also crawls and parses the contents of these hidden directories and uses the information gathered to reconstruct the site structure and find even more vulnerabilities.
For example, Subversion uses a hidden directory named .svn. Inside this directory there is a file named entries (/.svn/entries). This file contains a lot of sensitive information: a listing of all the files and directories present within the current directory, the usernames of the people who committed those files (continue reading...)
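The safest fix for this class of exposure is to catch the metadata before it is published. The script below is an added example, not Acunetix's code or part of the original article: it walks a web root the way a pre-publish check would, flags the hidden directories that SVN, Git, Mercurial, Bazaar and CVS leave behind, and, for a legacy-format `.svn/entries` file (SVN 1.4 to 1.6, format 8 to 10; SVN 1.7 and later keep this data in `.svn/wc.db` instead), summarises what the file would disclose, namely the file names and the last-committer usernames the article mentions. The sample web root and entries content are constructed here to make the check run offline; the field positions in the entries record are taken from the legacy text format and are the one assumption the parser relies on.

```python
"""Pre-publish audit for version-control metadata left in a web root (added example)."""
import os
import shutil
import tempfile

# Hidden directories created by common version control systems in a working
# copy; none of them should ever be published to a live web server.
VCS_DIRS = {".svn", ".git", ".hg", ".bzr", "CVS"}

# Field positions inside one record of a legacy-format .svn/entries file
# (assumed layout of SVN 1.4-1.6: name, kind, revision, url, repos, schedule,
# text-time, checksum, committed-date, committed-rev, last-author, ...).
NAME, KIND, LAST_AUTHOR = 0, 1, 10

# Constructed entries content: the first line is the format number, records
# are separated by form-feed + newline, and the first record (empty name)
# describes the directory itself. "bob" committed index.php, "alice" the dir.
SAMPLE_ENTRIES = (
    "8\n"
    "\ndir\n42\nhttp://svn.example.test/repo/trunk\nhttp://svn.example.test/repo\n"
    "\n\n\n2012-03-01T10:00:00.000000Z\n42\nalice\n\x0c\n"
    "index.php\nfile\n42\n\n\n\n2012-03-01T10:00:00.000000Z\n"
    "d41d8cd98f00b204e9800998ecf8427e\n2012-02-20T09:30:00.000000Z\n40\nbob\n\x0c\n"
    "admin\ndir\n\x0c\n"
)


def parse_svn_entries(text):
    """Return (name, kind, last_author) for every file/dir record in an entries file."""
    results = []
    body = text.split("\n", 1)[1] if "\n" in text else ""
    for record in body.split("\x0c\n"):
        fields = record.split("\n")
        # Skip the directory's own record (empty name) and the trailing empty chunk.
        if len(fields) <= KIND or not fields[NAME]:
            continue
        author = fields[LAST_AUTHOR] if len(fields) > LAST_AUTHOR else ""
        results.append((fields[NAME], fields[KIND], author))
    return results


def find_vcs_metadata(webroot):
    """Walk webroot and report every VCS metadata directory it contains.

    Each finding records the relative path, which VCS it belongs to and, for a
    legacy .svn directory, the file names and committer usernames it discloses.
    """
    findings = []
    for dirpath, dirnames, _ in os.walk(webroot):
        for name in list(dirnames):
            if name not in VCS_DIRS:
                continue
            full = os.path.join(dirpath, name)
            finding = {
                "path": os.path.relpath(full, webroot),
                "vcs": name,
                "files": [],
                "authors": set(),
            }
            entries = os.path.join(full, "entries")
            if name == ".svn" and os.path.isfile(entries):
                with open(entries, encoding="utf-8", errors="replace") as fh:
                    for fname, _kind, author in parse_svn_entries(fh.read()):
                        finding["files"].append(fname)
                        if author:
                            finding["authors"].add(author)
            findings.append(finding)
            dirnames.remove(name)  # no need to descend into the metadata itself
    return sorted(findings, key=lambda f: f["path"])


def build_sample_webroot():
    """Create a throwaway site tree that mimics a careless deployment (constructed)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, ".svn"))
    os.makedirs(os.path.join(root, "admin", ".git"))
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    with open(os.path.join(root, ".svn", "entries"), "w") as fh:
        fh.write(SAMPLE_ENTRIES)
    with open(os.path.join(root, "admin", ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/master\n")
    return root


def remove_sample_webroot(root):
    """Delete the throwaway tree created by build_sample_webroot."""
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    sample = build_sample_webroot()
    try:
        for f in find_vcs_metadata(sample):
            print(f"{f['vcs']:5} at {f['path']}: {len(f['files'])} entries, "
                  f"committers={sorted(f['authors'])}")
    finally:
        remove_sample_webroot(sample)
```

Run this against the real web root as a gate in the deployment pipeline and fail the publish when it returns any finding; on the server side, a deny rule for paths containing `/.svn/` or `/.git/` in the web server configuration is the complementary mitigation in case something slips through.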