JavaScript大小写特性
发表于:2025-12-10 | 分类: trick

JavaScript大小写特性

这个特性在CTF比赛中好像挺常见的,之前打ctf的时候遇到过

toUpperCase是javascript中将小写转换成大写的函数。toLowerCase是javascript中将大写转换成小写的函数

用ai来写一个fuzz脚本,看一看哪些字符在经过toUpperCase转换后,是大写字母A-Z

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
public class UnicodeCaseAnalysisUpper {

    public static String fromCodePoint(int codePoint) {
        if (codePoint < 0 || codePoint > Character.MAX_CODE_POINT) {
            throw new IllegalArgumentException("Invalid code point: " + codePoint);
        }
        return new String(Character.toChars(codePoint));
    }

    public static void main(String[] args) {
        List<String> results = new ArrayList<>();

        for (char upperChar = 'A'; upperChar <= 'Z'; upperChar++) {
            for (int codePoint = 0; codePoint <= 0xFFFF; codePoint++) {
                try {
                    String lowerChar = fromCodePoint(codePoint);
                    String upperCase = lowerChar.toUpperCase();

                    if (upperCase.equals(String.valueOf(upperChar)) &&
                        !lowerChar.equals(upperCase)) {
                        results.add("Character: " + lowerChar +
                                    " (U+" + Integer.toHexString(codePoint).toUpperCase() +
                                    ") -> " + upperChar);
                    }
                } catch (IllegalArgumentException e) {
                    continue;
                }
            }
        }

        // 输出结果
        System.out.println("Unicode lowercase characters mapping to A-Z:");
        for (String result : results) {
            System.out.println(result);
        }

        System.out.println("\nTotal characters found: " + results.size());
    }
}

运行后可以看到,多出来两个比较奇怪的字符ıſ

ı经过toUpperCase转换后是_I_ſ经过toUpperCase转换后是S,我们可以通过这个特性来绕waf等操作

同样toLowerCase也有较为特别的字符,同样写出Fuzz脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
public class UnicodeCaseAnalysisLower {

    public static String fromCodePoint(int codePoint) {
        if (codePoint < 0 || codePoint > Character.MAX_CODE_POINT) {
            throw new IllegalArgumentException("Invalid code point: " + codePoint);
        }
        return new String(Character.toChars(codePoint));
    }

    public static void main(String[] args) {
        List<String> results = new ArrayList<>();

        // 遍历 a-z 每个小写字母
        for (char lowerChar = 'a'; lowerChar <= 'z'; lowerChar++) {
            // 遍历 Unicode 基本多文种平面 (BMP) 的代码点
            for (int codePoint = 0; codePoint <= 0xFFFF; codePoint++) {
                try {
                    String upperChar = fromCodePoint(codePoint);
                    String lowerCase = upperChar.toLowerCase();

                    // 检查是否匹配当前小写字母且不是自身
                    if (lowerCase.equals(String.valueOf(lowerChar)) &&
                            !upperChar.equals(lowerCase)) {
                        results.add("Character: " + upperChar +
                                " (U+" + Integer.toHexString(codePoint).toUpperCase() +
                                ") -> " + lowerChar);
                    }
                } catch (IllegalArgumentException e) {
                    // 跳过无效的代码点
                    continue;
                }
            }
        }

        // 输出结果
        System.out.println("Unicode uppercase characters mapping to a-z:");
        for (String result : results) {
            System.out.println(result);
        }

        System.out.println("\nTotal characters found: " + results.size());
    }
}

看到经过toLowerCase转换后变成了k,也可以作为绕waf的一个点

trick
上一篇:
Error Based XXE
下一篇:
Java环境下xxe结合jar协议实现缓存