# Windor FileDownLoad.aspx Arbitrary File Read

Yinda Huizhi intelligent integrated management platform FileDownLoad.aspx has arbitrary file reading vulnerabilities, through which the attacker can download any file in the server.

FOFA **query rule**: [body="汇智信息" && title="智慧综合管理平台登入"](https://fofa.so/result?qbase64=Ym9keT0i5rGH5pm65L%2Bh5oGvIiAmJiB0aXRsZT0i5pm65oWn57u85ZCI566h55CG5bmz5Y%2Bw55m75YWlIg%3D%3D)

# Demo

![Windor_FileDownLoad_aspx_Arbitrary_File_Read](Windor_FileDownLoad_aspx_Arbitrary_File_Read.gif)