校无忧学校网站系统漏洞

很简单的漏洞

id=request.QueryString("id")

if id<>"" then

Conn.execute("update News set num=num+1 where id="&id&"")

Set rs=Server.CreateObject("Adodb.Recordset")

rs.open "select * from News where id="&id,Conn,1,2

 
注入篇：http://www.iick.blog/NewsView.asp?id=1

上传： http://www.iick.blog/Editor/asp/upload_json.asp

       http://www.iick.blog/Editor/asp/file_manager_json.asp

管理路径  http://www.iick.blog/admin/login.asp