{"id":151712,"date":"2020-08-26T23:02:42","date_gmt":"2020-08-26T15:02:42","guid":{"rendered":"http:\/\/4563.org\/?p=151712"},"modified":"2020-08-26T23:02:42","modified_gmt":"2020-08-26T15:02:42","slug":"%e5%85%b3%e4%ba%8e-python-%e5%a6%82%e4%bd%95%e5%a4%84%e7%90%86-json-%e6%95%b0%e6%8d%ae%e8%bd%ac%e4%b9%89%e7%9a%84%e9%97%ae%e9%a2%98","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=151712","title":{"rendered":"\u5173\u4e8e Python \u5982\u4f55\u5904\u7406 json \u6570\u636e\u8f6c\u4e49\u7684\u95ee\u9898"},"content":{"rendered":"
\n
\n
\n

\u5173\u4e8e Python \u5982\u4f55\u5904\u7406 json \u6570\u636e\u8f6c\u4e49\u7684\u95ee\u9898 <\/h1>\n

<\/p>\n

\n
\u8cc7\u6df1\u5927\u4f6c : N0phone <\/span> <\/i> 9<\/span> <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n
<\/p>\n

def tamper(payload,**kwargs): line = payload.encode(‘hex’) n=2 groups = [line[i:i+n] for i in range(0,len(line),n)] full = ” for x in groups: full = full + ‘u00’ +x retVal = full return retVal<\/p>\n

\u6211\u6709\u4e00\u6bb5 python \u7a0b\u5e8f\uff0c\u8fd0\u884c\u73af\u5883\u662f linux\uff0cpython2 \u60f3\u8981\u628a\u6211\u7684\u6570\u636e \u8f6c\u6210u00xx \u8fd9\u6837\u7684 json \u80fd\u89e3\u6790\u7684\u6570\u636e\u7136\u540e\u53d1\u5305\u8bf7\u6c42\uff0c\u4f46\u662f\u5728\u5b9e\u9645\u8fc7\u7a0b\u4e2d\u51fa\u73b0\u62a5\u9519<\/p>\n

‘unicodeescape’ codec can’t decode bytes in position 0-3: truncated uXXXX escape \u7136\u540e\u6211\u5c06 ‘u00’\u66f4\u6539\u4e3a r’u00’\u4e4b\u540e\u62a5\u53e6\u4e00\u4e2a\u9519\u8bef LookupError: ‘hex’ is not a text encoding; use codecs.encode() to handle arbitrary codecs’\u201d \u5e94\u8be5\u600e\u4e48\u89e3\u51b3\u6709\u8868\u54e5\u5417<\/p>\n<\/p><\/div>\n

\u5927\u4f6c\u6709\u8a71\u8aaa<\/b> (13<\/span>) <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
    \n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : imn1 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    x \u662f\u4e2a\u6574\u6570\u5427\uff1f
    \u5b57\u7b26\u4e32+\u6574\u6570 \u4e0d\u5bf9 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : N0phone <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @imn1 \u662f\u4e2a HEX \u7f16\u7801\u5b8c\u7684\u5341\u516d\u8fdb\u5236\u6570\u554a\uff0c \u6211\u600e\u4e48\u4fee\u6539\u4e3b\u9898\u554a \u8fd9\u4e2a\u6392\u7248\u600e\u4e48\u8fd9\u6837 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : TEwrc <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u6709\u4e00\u8bf4\u4e00\u8fd9\u6392\u7248\u4e0d\u60f3\u770b\u3002\u3002\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : imn1 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u8bd5\u8bd5 str(x)
    \u6211\u4e0d\u592a\u719f py2 \u7684\u7f16\u7801\u673a\u5236<\/p>\n

    \u5982\u679c\u6309 py3 \u7684\u7406\u89e3\uff0c\u8fd9\u4e2a\u7a0b\u5e8f\u5c31\u662f\u9519\u7684\uff0clines \u662f\u5b57\u8282\u4e32\uff0cx \u4e5f\u5c31\u662f line[i:i+2] \u662f\u53cc\u5b57\u8282
    \u53cc\u5b57\u8282\u524d\u9762\u52a0 u00\uff0c\u8fd9\u4e2a\u903b\u8f91\u5b8c\u5168\u6ca1\u7406\u89e3<\/p>\n

    \u5982\u679c payload \u672c\u8eab\u5c31\u662f str \u7684\u8bdd\uff0c\u7528 json \u6a21\u5757\u76f4\u63a5\u8f6c json \u4e32\u597d\u50cf\u66f4\u7b80\u5355 <\/p><\/div>\n<\/p><\/div>\n<\/li>\n

  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : N0phone <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @TEwrc \u6211\u53d1\u5e16\u7684\u65f6\u5019\u662f\u6362\u884c\u7684 \u597d\u5947\u602a \u600e\u4e48\u4fee\u6539\u4e3b\u9898\u5185\u5bb9\u554a\u6ca1\u627e\u5230\u3002\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : N0phone <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @imn1 \u903b\u8f91\u5c31\u662f \u5b57\u7b26\u4e32\u5148 hex \u7f16\u7801 \u7136\u540e\u6bcf\u4e24\u4e2a\u5b57\u8282\u53d6\u4e00\u4e2a \u7ec4\u5408\u518d\u524d\u9762\u52a0\u4e0au00 \u6784\u6210u00xx \u8fd9\u6837\u80fd\u88ab json decode \u7684\u5f62\u5f0f <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : imn1 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    unicode \u6ca1\u6709 6 \u4f4d\u7f16\u7801\uff0c\u4e14 00 \u5f00\u5934\u7684\u5b57\u7b26
    \u53ea\u6709 u0000-u00ff
    u001234 \u662f\u9519\u8bef\u7684\uff0cu1234 \u624d\u662f\u6b63\u786e\u7684 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : N0phone <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @imn1 \u5bf9\u7684\u6309\u7167\u6211\u7684\u903b\u8f91\u6bcf\u6b21\u53d6\u4e24\u4e2a\u5b57\u8282\u4e0d\u662f\u5e94\u8be5\u53ea\u6709u00xx \u5417 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : imn1 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u7b97\u4e86\uff0c\u6211\u4e5f\u4e0d\u4e86\u89e3 py2\uff0c\u53ef\u80fd\u4f60\u7684\u7a0b\u5e8f\u4e5f\u6ca1\u5927\u95ee\u9898\uff08 py3 \u7b2c\u4e00\u53e5\u5c31\u4e0d\u884c\u4e86\uff09
    \u6211\u5efa\u8bae\u662f\u5982\u679c payload \u662f\u5b57\u7b26\u4e32\u7684\u8bdd\uff0c\u8f6c\u6210 utf-8\uff0c\u7136\u540e json.dumps \u5c31\u8db3\u591f\u4e86 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : imn1 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @N0phone #8
    \u4e00\u4e2a\u5b57\u8282\u662f xx\uff0c\u4e24\u4e2a\u5b57\u8282\u662f xxxx <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : sudoy <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u6211\u53ef\u80fd\u4e0d\u77e5\u9053\u600e\u4e48\u5e2e\u52a9\u4f60\uff0c\u4f46\u662f\u5efa\u8bae\u4e3b\u4e0b\u6b21\u53d1\u5e16\u7684\u65f6\u5019\uff0c\u5728\u4ee3\u7801\u524d\u540e\u52a0 “`, \u5c31\u662f\u90a3\u4e2a\u8ddf\u6ce2\u6d6a\u53f7~\u5728\u540c\u4e00\u4e2a\u5efa\u7684\u7b26\u53f7\uff0c\u8fd9\u6837\u522b\u4eba\u5e2e\u4f60\u770b\u4ee3\u7801\u7684\u65f6\u5019\u770b\u5f97\u6bd4\u8f83\u6e05\u695a <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : myxingkong <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    ![Test](\/\/imgur.com\/mvRtsY8) <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : fasionchan <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u6211\u731c\u4f60\u7684 payload \u662f\u4e00\u4e2a\u5b57\u8282\u5e8f\u5217\uff0c\u5b83\u53ef\u80fd\u662f utf8 \u6216\u8005 gbk \u7f16\u7801\u7684\uff0c\u5b83\u7684 base16 \u7f16\u7801\u5e76\u4e0d\u662f\u5408\u6cd5\u7684 unicode \u5440\u2026\u2026
    \u8fd9\u6ca1\u7406\u89e3\u6587\u672c\u7f16\u7801\u7684\u7ed3\u679c\uff0c\u4e0d\u5982\u5148\u770b\u770b\u6587\u672c\u7f16\u7801\u662f\u600e\u4e48\u56de\u4e8b\uff1a https:\/\/python.fasionchan.com\/zh_CN\/latest\/practices\/coding.html<\/p>\n

    \u4e3a\u4ec0\u4e48\u8981\u81ea\u5df1\u62fc\u63a5\u5462\uff1f\u6309\u6211\u7684\u7406\u89e3\uff0c\u4f60\u628a\u6570\u636e\u89e3\u7801\u6210 unicode \u5b57\u7b26\u4e32\uff0c\u7136\u540e\u8c03 repr \u6216 json.dumps \u4e0d\u5c31\u53ef\u4ee5\u5f97\u5230uxxxx \u8fd9\u79cd\u5f62\u5f0f\u4e86\u5417\uff1f<\/p>\n

    “`
    >>> data = ‘\u6211\u4eec’
    >>> data
    ‘xe6x88x91xe4xbbxac’
    >>> data.decode(‘utf8’)
    u’u6211u4eec’
    >>> repr(data.decode(‘utf8’))[2:-1]
    ‘\\u6211\\u4eec’
    >>> json.dumps(data.decode(‘utf8’))[1:-1]
    ‘\\u6211\\u4eec’
    “` <\/div>\n<\/p><\/div>\n<\/li>\n

  • \n","protected":false},"excerpt":{"rendered":"

    \u5173\u4e8e Python \u5982\u4f55\u5904\u7406 js…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/151712"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=151712"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/151712\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=151712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=151712"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=151712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}