U.S. Dept Of Defense: Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak
Description I discovered another LFD on the https://████/ virtual host on the █████ IP POC https://█████/file.ashx?path=web.config will download the website configuration file. It exposes different DB credentials than in previous reports: ███ Similarly, attacker able to get content of any...