@query(select id from user where name = ?);
${}
select
insert
update
in
like
order by
statement
org.apache.commons.fileupload
file
xxxstream
RequestMethod
MultipartHttpServletRequest
xss
getParameter <%= param EL expression
Directory traversal
path
System.getProperty("user.dir")
FileInputStream
file.read
filePath
XML injection (similar to XXE)
DocumentBuilder
XMLStreamReader
SAXBuilder
SAXParser
SAXReader
XMLReader
SAXSource
TransformerFactory
SAXTransformerFactory
SchemaFactory
Command execution
ProcessBuilder.start, Runtime.getRuntime().exec
Serialization
readObject
readUnshared
XMLDecoder.readObject
Yaml.load
XStream.fromXML
ObjectMapper.readValue
JSON.parseObject
Arbitrary file deletion
delete
Logic flaws have no distinctive keywords; look at the User controller, or at the filters, and check whether any validation is present.