In fact, this vulnerability is a dynamic Shopping Mall that upload issue. if session(“useridname”)<>”" or session(“AdminName”)<>”" then this is upload_flash. the asp file to access the authentication, you'll need to register a user can upload.
With a bright kid direct upload.
Find a keyword, but you can use: inurl:help/pay_introduce. asp