Basic Flaw Reveals Source Code to 3,300 Popular Websites

A Russian security group has posted a detailed blog post ( translation here ) about how they managed to extract the source code to over 3,300 websites. The group found that some of the largest and best known domains on the web, such as apache.org and php.net , amongst others, are vulnerable to an elementary information leak that exposes the structure and source of website files. A web surfer is able to extract this information by requesting the hidden metadata directories that popular version control tool Subversion creates. TechCrunch50 Conference 2009 : September 14-15, 2009, San Francisco