Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak
High
Vulnerability Details
## Description
I discovered another LFD on https://████/ (a virtual host on the █████ IP).
## POC
https://█████/file.ashx?path=web.config
will download the website configuration file.
It exposes different DB credentials than in previous reports:
███
Similarly, an attacker is able to get the content of any server-side file, such as the source code of the application:
https://███/file.ashx?path=index.aspx
## Impact
Source code & sensitive configuration data leakage. An attacker can use it to compromise the resource.
Report Stats
- Report ID: 685344
- State: Closed
- Substate: resolved
- Upvotes: 14
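
One way to close this class of bug in a `file.ashx`-style download handler is to canonicalize the `path` parameter, confine it to a single download directory, and serve only allowlisted extensions, so that `web.config` and `.aspx` sources are never reachable. This is an added example, not code from the report or from the affected site. The class name `FileHandler`, the `~/App_Data/downloads` folder and the extension list are assumptions, and it targets ASP.NET on .NET Framework 4.5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;

public class FileHandler : IHttpHandler   // hypothetical name for the handler class
{
    // Assumption: downloadable files live in one dedicated folder, apart from code and config.
    private const string BaseVirtualDir = "~/App_Data/downloads";
    // Assumed allowlist; .config, .aspx, .ashx and .cs are deliberately absent.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".pdf", ".png", ".jpg", ".txt" };
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        string requested = context.Request.QueryString["path"];
        string baseDir = Path.GetFullPath(context.Server.MapPath(BaseVirtualDir));
        string fullPath;
        if (!TryResolve(baseDir, requested, out fullPath) || !File.Exists(fullPath))
        {
            context.Response.StatusCode = 404; // same answer for "denied" and "missing"
            return;
        }
        context.Response.ContentType = MimeMapping.GetMimeMapping(fullPath);
        context.Response.AddHeader("Content-Disposition", "attachment");
        context.Response.TransmitFile(fullPath);
    }

    // Pure path check, kept separate so it can be unit-tested without a web context.
    public static bool TryResolve(string baseDir, string requested, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrWhiteSpace(requested)) return false;
        if (requested.IndexOfAny(Path.GetInvalidPathChars()) >= 0) return false;
        if (Path.IsPathRooted(requested)) return false;   // no absolute or drive-relative paths
        string root = baseDir.TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        string candidate;
        try { candidate = Path.GetFullPath(Path.Combine(root, requested)); }
        catch (Exception) { return false; }               // malformed or over-long path
        // After canonicalization the path must still sit inside the download directory.
        if (!candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase)) return false;
        if (!AllowedExtensions.Contains(Path.GetExtension(candidate))) return false;
        fullPath = candidate;
        return true;
    }
}
```

With this check, a request such as `file.ashx?path=web.config` or `file.ashx?path=index.aspx` gets a 404: both names resolve inside the download folder, where no such file exists, and both carry extensions that are not on the allowlist.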