To the actual vulnerability, for example,that is, laoy old y 2. 5,3. 0 version,that upload injection vulnerability.
sql="Update "&tbname&"_User set UserFace = '"&Uprequest. Form("file")&"' where ID= "& LaoYID
The file variable is changed:
The email value is set to the administrator password,storm password successfully.
Other similar injected into the place also can try