问题如题：

解决办法；

请打开admin/include/swfupload.asp 找到

       Dim ChkRS:Set ChkRS =Conn.Execute("Sel ect top 1 a.username,b.userid From KS_Admin a inner join KS_User b on a.username=b.username Where AdminID=" & KS.ChkClng(AdminID) & " and a.PassWord='" & Pass & "'")

修改为

           Dim ChkRS:Set ChkRS =Conn.Execute("Sel ect  top 1 a.username,b.userid From KS_Admin a inner join KS_User b on a.username=b.username Where AdminID=" & KS.ChkClng(AdminID) & " and a.PassWord='" &KS.DelSql(Pass) & "'")

sel ect红色空间请去掉，另外注意红色地方的改动；

api/uc.asp  提示漏洞。

可以打开这个文件，把以下代码删除。

dim stm:set stm=server.CreateObject("adodb.stream")
  stm.Type=2 '以文本模式读取
  stm.mode=3
  stm.charset="utf-8"
  stm.open
  stm.WriteText content
  stm.SaveToFile server.MapPath("/123.txt"),2
  stm.flush
  stm.Close
  set stm=nothing

再往下找到 59行

dim rs:set rs=conn.execute("sele ct top 1 [username],[password] from KS_User Where UserName='" &username & "'")

改成

dim rs:set rs=conn.execute("sele ct top 1 [username],[password] from KS_User Where UserName='" & KS.DelSQL(username) & "'")

74行

  Conn.Execute("Upd ate KS_User Set isonline=0 Where UserName='" & (UserName) & "'")

改成

  Conn.Execute("Up date KS_User Set isonline=0 Where UserName='" & KS.DelSQL(UserName) & "'")

不需要修改。