标签:代码审计
至于宽字节注入,有人写过,我就不多写了:
https://www.91ri.org/8611.html
http://netsecurity.51cto.com/art/201404/435379_4.htm
针对iconv()函数,我就试着写了个utf-8和gbk的url编码转换
import os,urllib
print"""if u want change gbk to utf-8,please input gbk,so as input utf-8.
input exit and exit,others make u try agin"""
st = raw_input()
def utf8cwgbk(st):
if st=="utf-8":
print "input string"
url1 = raw_input()
st1 = urllib.unquote(url1)
st2 = st1.decode("utf-8").encode("gbk")
url2 = urllib.quote(st2)
print """utf-8的url编码---gbk的url编码---utf-8的汉字---gbk的汉字"""
print url1,‘---‘,url2,‘---‘,st1,‘---‘,st2
os.system(‘pause‘)
if st=="gbk":
print "input string"
url1 = raw_input()
st1 = urllib.unquote(url1)
st2 = st1.decode("gbk").encode("utf-8")
url2 = urllib.quote(st2)
print """utf-8的url编码---gbk的url编码---utf-8的汉字---gbk的汉字"""
print url1,‘---‘,url2,‘---‘,st2,‘---‘,st1
os.system(‘pause‘)
if st=="exit":
os.system(‘exit‘)
else:
print"""please try again.if u want change gbk to utf-8,please input gbk,else input utf8,finally input exit"""
st = raw_input()
utf8cwgbk(st)
if __name__=="__main__":
utf8cwgbk(st)本文出自 “saluteiceman” 博客,请务必保留此出处http://maxvision.blog.51cto.com/6269192/1686625
标签:代码审计
原文地址:http://maxvision.blog.51cto.com/6269192/1686625
