标签:代码审计
至于宽字节注入,有人写过,我就不多写了:
https://www.91ri.org/8611.html
http://netsecurity.51cto.com/art/201404/435379_4.htm
针对iconv()函数,我就试着写了个utf-8和gbk的url编码转换
import os,urllib print"""if u want change gbk to utf-8,please input gbk,so as input utf-8. input exit and exit,others make u try agin""" st = raw_input() def utf8cwgbk(st): if st=="utf-8": print "input string" url1 = raw_input() st1 = urllib.unquote(url1) st2 = st1.decode("utf-8").encode("gbk") url2 = urllib.quote(st2) print """utf-8的url编码---gbk的url编码---utf-8的汉字---gbk的汉字""" print url1,‘---‘,url2,‘---‘,st1,‘---‘,st2 os.system(‘pause‘) if st=="gbk": print "input string" url1 = raw_input() st1 = urllib.unquote(url1) st2 = st1.decode("gbk").encode("utf-8") url2 = urllib.quote(st2) print """utf-8的url编码---gbk的url编码---utf-8的汉字---gbk的汉字""" print url1,‘---‘,url2,‘---‘,st2,‘---‘,st1 os.system(‘pause‘) if st=="exit": os.system(‘exit‘) else: print"""please try again.if u want change gbk to utf-8,please input gbk,else input utf8,finally input exit""" st = raw_input() utf8cwgbk(st) if __name__=="__main__": utf8cwgbk(st)
本文出自 “saluteiceman” 博客,请务必保留此出处http://maxvision.blog.51cto.com/6269192/1686625
标签:代码审计
原文地址:http://maxvision.blog.51cto.com/6269192/1686625