ager.txt');
sum :=lsbdict.count;
pg1.min :=0;
pg1.max :=sum;
pg1.step :=1;
pg1.position :=0;
pg1.visible :=true;
mm.lines.add('开始猜解后台路径。。。');
mm.lines.add('');
setlength(scanmanager,sum); // 动态设置线程的数量
////开始扫描后台路径
for i:=0 to sum-1 do
begin
scanmanager := scanmanagerthread.create(url,i,listbox1,mm);
scanmanager.onterminate := managerthreadexit;
end;
end;
if isfinish=true then
begin
try
for i:=m to lsbdict.count-1 do
begin
if scanmanager.freeonterminate then
begin
scanmanager.suspend;
scanmanager.free;
end;
end;
mm.lines.add('');
mm.lines.add('后台路径猜解结束。。。');
except
end;
end;
isfinish :=true;
end;
// OnTerminate handler assigned to every scanmanagerthread worker.
// Counts one finished worker in m and advances the progress bar by one step.
// When m equals the number of dictionary entries, it marks the run as
// finished, writes the closing lines to the memo and hides the progress bar.
procedure tform1.managerthreadexit(sender: tobject);
begin
  inc(m);
  pg1.stepit;

  // Other workers are still outstanding: nothing else to do yet.
  if m <> lsbdict.count then
    exit;

  isfinish := true;
  mm.lines.add('');
  mm.lines.add('后台路径猜解结束。。。'); // log text: "admin path guessing finished"
  pg1.visible := false;
end;
// Click handler for the stop control. The only live statement clears the
// isfinish flag; the thread teardown that follows is commented out.
// NOTE(review): the disabled block calls suspend and then free on threads it
// has just tested for freeonterminate. Such threads release themselves, so
// re-enabling the block as written would risk a double free. Confirm the
// intended ownership before bringing it back.
procedure tform1.sbstop3click(sender: tobject);
var
  i: integer; // referenced only by the disabled block below
begin
  isfinish := false;
  { if m>=lsbdict.count then exit;
    try
      for i:=m to lsbdict.count-1 do
      begin
        if scanmanager.freeonterminate then
        begin
          scanmanager.suspend;
          scanmanager.free;
        end;
      end;
      mm.lines.add('');
      mm.lines.add('后台路径猜解结束。。。');
    except
    end; }
end;
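// Click handler for listbox1: hands the list's text to wb.navigate and then
// switches pcphpinj to page index 3.
procedure tform1.listbox1click(sender: tobject);
begin
  // items.text carries the same characters as items.gettext, but as a managed
  // string. gettext returns a heap-allocated pchar that the caller has to
  // release, so calling it inline leaks one buffer per click.
  // NOTE(review): this is the text of the whole list (all entries joined by
  // line breaks), not only the clicked entry. Confirm that is intended.
  // NOTE(review): wb presumably renders remote content inside this process;
  // treat whatever it loads as untrusted.
  wb.navigate(listbox1.items.text);
  pcphpinj.activepageindex := 3;
end;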
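// OnShow handler: makes sure the progress bar pg1 exists inside statusbar1,
// sizes it to the status bar and leaves it hidden until a scan shows it.
procedure tform1.formshow(sender: tobject);
begin
  // OnShow fires every time the form becomes visible. Creating the bar
  // unconditionally would stack a new control in the status bar on each show
  // and drop the reference to the previous one, so create it only once.
  // NOTE(review): assumes pg1 starts out nil (form field or unit-level
  // variable) and is not freed elsewhere without being reset. Confirm.
  if not assigned(pg1) then
  begin
    pg1 := tprogressbar.create(nil);
    pg1.parent := statusbar1;
  end;

  // Re-applied on every show so the bar tracks the status bar's current size.
  pg1.height := statusbar1.height;
  pg1.width := statusbar1.width;
  pg1.visible := false;
end;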
end.
unit unit2;
interface
uses
classes,stdctrls,windows,sysutils,comctrls,idhttp;
var
cs:trtlcriticalsection; // global critical section, declared at unit scope
type
// Thread class that checks whether a site is injectable and how many columns
// the table behind the current injection point has.
// It is also the base class of scantablethread and scanfieldthread.
scanthread = class(tthread)
protected
  furl: string;          // address of the site being tested for injection
  injurl: string;
  fstr: string;
  fkeyword: string;      // keyword
  fstate: boolean;
  fmemo: tmemo;
  flistview: tlistview;
  fnum: integer;
  ftable: string;
  fvalue: string;
  procedure execute; override;
public
  // Disabled constructor, kept for reference:
  //constructor create(url,keyword:string;memo:tmemo);
end;
// Thread class for the table-name scan stage of the injection test.
scantablethread = class(scanthread)
private
  // Body not visible in this section.
  // NOTE(review): presumably publishes the scan result to the UI. Confirm.
  procedure scantableresult;
protected
  procedure execute; override;
public
  constructor create(
    url, str, keyword: string;
    memo: tmemo;
    listview: tlistview
  );
end;
// Thread class for the field (column) scan stage of the injection test.
scanfieldthread = class(scanthread)
private
  // Body not visible in this section.
  // NOTE(review): presumably publishes the scan result to the UI. Confirm.
  procedure scanfieldresult;
protected
  procedure execute; override;
public
  constructor create(
    url, str, keyword, table: string;
    num: integer;
    memo: tmemo;
    listview: tlistview
  );
end;
// Fetches url over HTTP. Returns true when the response code is 200 and key is
// either empty or found in the response body. Returns false otherwise,
// including when the request raises an exception.
function get(url,key: string): boolean;
var
// NOTE(review): looks like a unit-wide stop flag, but it is not read or written
// in the visible part of this unit. Confirm against the callers.
stoped:boolean;
implementation
uses unit1;
// Performs one HTTP GET against url with a throwaway tidhttp client.
// Returns true when the response code is 200 and key is either empty or
// occurs in the response body. Returns false otherwise.
// NOTE(review): every exception is swallowed, so a network failure, a timeout
// and a response that simply lacks the key all come back as false.
function get(url,key: string): boolean;
var
  http: tidhttp;
  body: string;
begin
  result := false;
  http := tidhttp.create(nil);
  try
    try
      http.handleredirects := true; // redirects must be followed, otherwise the request may fail
      http.readtimeout := 30000;    // stop waiting for data after this long (milliseconds)
      body := http.get(url);
      result := (http.responsecode = 200)
        and ((key = '') or (pos(key, body) > 0));
    except
      // Deliberately ignored: any failure leaves result at false.
    end;
  finally
    http.free;
  end;
end;
{constructor scanthread.create(url,keyword:string;memo:tmemo);
begin
fmemo :=memo;
furl :=url;
fkeyword :=keyword;
freeonterminate := true; // 自动删除
inherited create(false); // 直接运行
end;}
procedure scanthread.execute;
var
i:integer;
istr:string;
begin
fmemo :=form1.mm;
furl :=trim(form1.edtinjurl.text);
fkeyword :=trim(form1.edtkey.text);
fmemo.lines.clear;
fmemo.lines.add('正在检测注