至于宽字节注入,有人写过,我就不多写了:

https://www.91ri.org/8611.html

http://netsecurity.51cto.com/art/201404/435379_4.htm

针对iconv()函数,我试着写了个utf-8和gbk之间的url编码转换小脚本(Python 2),方便对比同一字符串在两种编码下的字节。防御上的要点是:转义之后不要再用iconv()做字符集转换,应用与数据库连接要统一字符集,并使用参数化查询(预处理语句)。

import os,urllib
# Show the mode menu once, then read the first mode choice from stdin.
# NOTE(review): this runs at import time, not only when executed as a script.
_banner = """if u want change gbk to utf-8,please input gbk,so as input utf-8.
input exit and exit,others make u try agin"""
print _banner
st = raw_input()
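def utf8cwgbk(st):
    """Interactively convert URL-encoded text between UTF-8 and GBK (Python 2).

    Intended for checking how the bytes of a string change across the charset
    conversion an application performs (for example PHP's iconv()). On the
    application side the fix for charset-dependent escaping problems is one
    consistent charset end to end plus parameterized queries.

    Args:
        st: Mode word. "utf-8" reads a UTF-8 URL-encoded string and converts
            it to GBK, "gbk" does the reverse, "exit" returns. Anything else
            prints the usage hint and asks again.

    Returns:
        None. Results are printed to stdout.
    """
    # A loop replaces the original self-recursion, which grew the call stack
    # by one frame per prompt and also printed "please try again" after every
    # successful conversion because the else belonged only to the "exit" test.
    while True:
        if st == "exit":
            # os.system('exit') only ended a child shell; returning is what
            # actually stops the session.
            return
        if st in ("utf-8", "gbk"):
            if st == "utf-8":
                src, dst = "utf-8", "gbk"
            else:
                src, dst = "gbk", "utf-8"
            print "input string"
            url1 = raw_input()
            st1 = urllib.unquote(url1)
            try:
                st2 = st1.decode(src).encode(dst)
            except UnicodeError as err:
                # Input that is not valid in the source charset, or has no
                # representation in the target one, used to crash the script.
                print "cannot convert %s -> %s: %s" % (src, dst, err)
            else:
                url2 = urllib.quote(st2)
                # Order the values to match the header columns. The original
                # gbk branch swapped the text columns but not the URL ones,
                # so the GBK URL was shown under the utf-8 heading.
                if src == "utf-8":
                    utf8_url, gbk_url, utf8_txt, gbk_txt = url1, url2, st1, st2
                else:
                    utf8_url, gbk_url, utf8_txt, gbk_txt = url2, url1, st2, st1
                print """utf-8的url编码---gbk的url编码---utf-8的汉字---gbk的汉字"""
                # The two text columns are raw byte strings in different
                # encodings, so at most one renders correctly on a terminal.
                print utf8_url,'---',gbk_url,'---',utf8_txt,'---',gbk_txt
                if os.name == "nt":
                    # 'pause' is a cmd.exe builtin; elsewhere it only
                    # produced a shell error.
                    os.system('pause')
            print "input gbk,utf-8 or exit"
        else:
            # The hint used to say "utf8", which this function does not accept.
            print"""please try again.if u want change gbk to utf-8,please input gbk,else input utf-8,finally input exit"""
        st = raw_input()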
# Script entry point: start the interactive session with the mode read above.
if __name__ == "__main__":
    utf8cwgbk(st)