unit3.pas

简介：PHP+MYSQL网站注入扫描工具

//后台管理扫描线程类
unit Unit3;

interface

uses
  Classes,StdCtrls,Windows,SysUtils,ComCtrls,wininet;

var
  CS:TRTLCriticalSection;    //定义全局临界区

type
  scanManagerThread = class(TThread)
  private
    Tmplbx :TListBox;
    TmpMemo :TMemo;
    TmpNum :integer;
    TmpUrl :string;
    Str :string;
    procedure scanResult;
  protected
    procedure Execute; override;
  public
    constructor Create(Url:string; Num: integer;Lbx: TListBox;Memo:TMemo);
  end;

implementation

uses Unit1;

constructor scanManagerThread.Create(Url:string; Num: integer;Lbx: TListBox;Memo:TMemo);
begin
  TmpUrl :=Url;
  TmpNum :=Num; // 传递参数
  Tmplbx :=Lbx;
  TmpMemo :=Memo;
  FreeOnTerminate :=True; // 自动删除
  InitializeCriticalSection(CS); //初始化临界区
  inherited Create(False); // 直接运行
end;

//====================== 判断网址是否存在的函数 =======================
function CheckUrl(url: string; TimeOut: integer = 5000): boolean;
var
  hSession, hfile, hRequest: hInternet;
  dwindex, dwcodelen: dword;
  dwcode: array[1..20] of char;
  res: pchar;
  re: integer;
  Err1: integer;
  j: integer;
begin
  if pos('http://', lowercase(url)) = 0 then
    url := 'http://' + url;
  Result := false;
  InternetSetOption(hSession, Internet_OPTION_CONNECT_TIMEOUT, @TimeOut, 4);
  hSession := InternetOpen('Mozilla/4.0', INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);
   //设置超时
  if assigned(hsession) then
  begin
    j := 1;
    while true do
    begin
      hfile := InternetOpenUrl(hsession, pchar(url), nil, 0, INTERNET_FLAG_RELOAD, 0);
   if hfile = nil then
      begin
        j := j + 1;
        Err1 := GetLastError;
        if j > 5 then break;
        if (Err1 <> 12002) or (Err1 <> 12152) then break;
        sleep(2);
      end
      else begin
        break;
      end;
    end;
    dwIndex := 0;
    dwCodeLen := 10;
    HttpQueryInfo(hfile, HTTP_QUERY_STATUS_CODE, @dwcode, dwcodeLen, dwIndex);
    res := pchar(@dwcode);
    re := strtointdef(res, 404);
    case re of
      400..450: result := false;
    else result := true;
    end;
    if assigned(hfile) then
      InternetCloseHandle(hfile);
      InternetCloseHandle(hsession);
    end;
end;

function GetBackSpaceCount(str:string):string;
var i,iCount:integer;
begin
   iCount :=50-length(str);
   for i:=0 to iCount-1 do
   begin
     Result :=Result+' ';
   end;
end;

procedure scanManagerThread.scanResult;
begin
  Tmplbx.Items.Add(str);
  Form1.GroupBox1.Caption :='检测结果：共找到'+inttostr(Tmplbx.Items.Count)+'条路径';
end;

procedure scanManagerThread.Execute;
begin
  Str :=TmpUrl + Form1.lsbDict.Items[TmpNum];
  EnterCriticalSection(cs);         //进入临界区
  TmpMemo.Lines.Add(Str);
  if CheckUrl(Str) then
  begin
    Synchronize(scanResult); // 同步
  end;
  LeaveCriticalSection(CS);      //退出临界区
  //sleep(20); // 线程挂起;
end;

end.