Webile Directory Traversal Vulnerability Allowing Unauthorized File System Access
Vulnerability
A directory traversal vulnerability has been identified in Webile version 1.0.1. It allows remote attackers to manipulate file system paths without authentication, potentially leading to unauthorized access to sensitive system directories and compromise of the mobile device's local file system. The issue arises from an insecure web server configuration that fails to properly restrict and validate file paths, enabling unauthenticated users with WiFi access to request local files.
Impact
Exploitation of this vulnerability could result in unauthorized file access, information leakage, and compromise of the mobile application.
Reproduction
The vulnerability can be reproduced by sending a request to the local Webile server with a crafted file path that includes directory traversal sequences. This can be done using a web browser or a tool like curl. The request should target the 'webile_select_dir' endpoint, with the 't' parameter set to 'change_upload_dir' and the 'filepath' parameter containing the traversal payload. Once the request is sent, the server response will include the contents of the traversed file or directory, demonstrating successful exploitation.
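As an added defender-side illustration (not code from Webile or from this advisory), the check below resolves a client-supplied 'filepath' value against an allowed upload root and flags logged requests to the webile_select_dir endpoint whose path escapes that root; the root directory, the request-line format and the sample requests are constructed assumptions.

```python
import os
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed placeholder: the directory the embedded server should be allowed to serve.
# Webile's real upload root is not stated in the advisory.
UPLOAD_ROOT = "/sdcard/Webile"


def resolve_within_root(root: str, requested: str) -> Optional[str]:
    """Return the normalized path if `requested` stays inside `root`, else None.

    Normalizing before the containment test is what defeats '../' sequences
    (including percent-encoded ones once the query string has been decoded).
    The check is lexical only; symlinks inside the root would still need
    os.path.realpath on a live file system.
    """
    root = os.path.normpath(os.path.abspath(root))
    # Treat the client value as relative to the root even if it starts with a slash.
    candidate = os.path.normpath(os.path.join(root, requested.lstrip("/\\")))
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


def is_traversal_request(request_path: str, root: str = UPLOAD_ROOT) -> bool:
    """Flag a logged request to webile_select_dir with t=change_upload_dir whose
    'filepath' parameter would escape the upload root. Other endpoints are ignored."""
    parts = urlsplit(request_path)
    if not parts.path.endswith("webile_select_dir"):
        return False
    params = parse_qs(parts.query)  # percent-decodes values such as %2e%2e%2f
    if params.get("t", [""])[0] != "change_upload_dir":
        return False
    return any(resolve_within_root(root, v) is None for v in params.get("filepath", []))


# Constructed sample request paths, not captured traffic.
SAMPLE_REQUESTS = [
    "/webile_select_dir?t=change_upload_dir&filepath=photos/2023",
    "/webile_select_dir?t=change_upload_dir&filepath=../../private",
    "/webile_select_dir?t=change_upload_dir&filepath=%2e%2e%2f%2e%2e%2fprivate",
    "/webile_list?t=change_upload_dir&filepath=../../private",
]


def flagged_requests(requests=SAMPLE_REQUESTS):
    """Return the sample requests the detector would alert on."""
    return [r for r in requests if is_traversal_request(r)]
```

Run as a module, `flagged_requests()` returns only the two webile_select_dir requests whose decoded 'filepath' leaves the upload root.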