|  |  | @ -7,23 +7,31 @@ See the file 'LICENSE' for copying permission | 
					|  |  |  | 
 |  |  |  | 
 | 
					|  |  |  | from lib.core.enums import PRIORITY |  |  |  | from lib.core.enums import PRIORITY | 
					|  |  |  | 
 |  |  |  | 
 | 
					|  |  |  | __priority__ = PRIORITY.LOWEST |  |  |  | __priority__ = PRIORITY.LOWEST# 设置优先级为最低 | 
					|  |  |  | 
 |  |  |  | 
 | 
					|  |  |  | def dependencies(): |  |  |  | def dependencies(): | 
					|  |  |  |     pass |  |  |  |     pass | 
					|  |  |  | 
 |  |  |  | 
 | 
					|  |  |  | def tamper(payload, **kwargs): |  |  |  | def tamper(payload, **kwargs): | 
					|  |  |  |     """ |  |  |  |     """ | 
					|  |  |  |     Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87) |  |  |  |     这个函数用于篡改(tamper)输入的payload,将其中的单引号字符(')替换为其UTF-8全角字符对应物。 | 
					|  |  |  | 
 |  |  |  | 
 | 
					|  |  |  |     References: |  |  |  |     参数: | 
					|  |  |  |  |  |  |  |         payload:要篡改的原始payload。 | 
					|  |  |  |  |  |  |  |         **kwargs:其他可选参数(在本函数中未使用)。 | 
					|  |  |  |  |  |  |  | 
 | 
					|  |  |  |  |  |  |  |     功能: | 
					|  |  |  |  |  |  |  |         将payload中的单引号(')替换为UTF-8编码的全角单引号(%EF%BC%87),用于绕过某些安全防护措施。 | 
					|  |  |  |  |  |  |  | 
 | 
					|  |  |  |  |  |  |  |     参考链接: | 
					|  |  |  |         * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128 |  |  |  |         * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128 | 
					|  |  |  |         * https://web.archive.org/web/20130614183121/http://lukasz.pilorz.net/testy/unicode_conversion/ |  |  |  |         * https://web.archive.org/web/20130614183121/http://lukasz.pilorz.net/testy/unicode_conversion/ | 
					|  |  |  |         * https://web.archive.org/web/20131121094431/sla.ckers.org/forum/read.php?13,11562,11850 |  |  |  |         * https://web.archive.org/web/20131121094431/sla.ckers.org/forum/read.php?13,11562,11850 | 
					|  |  |  |         * https://web.archive.org/web/20070624194958/http://lukasz.pilorz.net/testy/full_width_utf/index.phps |  |  |  |         * https://web.archive.org/web/20070624194958/http://lukasz.pilorz.net/testy/full_width_utf/index.phps | 
					|  |  |  | 
 |  |  |  | 
 | 
					|  |  |  |  |  |  |  |     示例: | 
					|  |  |  |         >>> tamper("1 AND '1'='1") |  |  |  |         >>> tamper("1 AND '1'='1") | 
					|  |  |  |         '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871' |  |  |  |         '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871' | 
					|  |  |  |     """ |  |  |  |     """ | 
					|  |  |  | 
 |  |  |  |     # 替换payload中的单引号为UTF-8全角单引号 | 
					|  |  |  |     return payload.replace('\'', "%EF%BC%87") if payload else payload |  |  |  |     return payload.replace('\'', "%EF%BC%87") if payload else payload | 
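Review bot: the inline comment on the `__priority__` line is glued to the code (`__priority__ = PRIORITY.LOWEST# 设置优先级为最低`); PEP 8 asks for at least two spaces before an inline `#`, so write `__priority__ = PRIORITY.LOWEST  # 设置优先级为最低`. The docstring rewrite also removes the original English summary line (`Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87)`) and the `References:` heading instead of adding the translation next to them, which leaves a mixed-language docstring: the summary, `参数:`, `功能:`, `参考链接:` and `示例:` are Chinese while the reference URLs and the `>>>` example stay English. Keeping the English summary as the first line with the Chinese description beneath it would preserve the original one-line description for readers of the rest of the docstring. The new `**kwargs` entry correctly notes that the argument is unused here, and the `功能:` text matches the unchanged `return` line, which only replaces `'` and passes an empty payload through unchanged.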