PHP Curl Forgery
http://www.yygh.net/index.php
Direct form submission, always indicates that the account does not exist. Validation should be required in the background.
I want to forge the origin of origin. I don't know how to set the origin of Origin
$ch = Curl_init (); Initialization
$this->url = "http://www.yygh.net/usercenter/userinfo_action.php";
$fields = ' actionpost=login&logintype=0&cardtype=1&userid=34262619702200379&pwd=123qwe& Validate=cndm&imagesfield.x=32&imagefield.y=11 ';
curl_setopt ($ch, Curlopt_post, 1);//set to POST mode
curl_setopt ($ch, Curlopt_postfields, $fields);
curl_setopt ($ch, here);
curl_setopt ($ch, curlopt_http_version, CURL_HTTP_VERSION_1_0); Mandatory Agreement is 1.0
curl_setopt ($ch, Curlopt_httpheader, Array (' Expect: ')); Head to send out ' Expect: '
curl_setopt ($ch, Curlopt_ipresolve, CURL_IPRESOLVE_V4); Forcing a domain name to be resolved using the IPV4 protocol
curl_setopt ($ch, Curlopt_url, $this->url);
curl_setopt ($ch, Curlopt_returntransfer, true); Returns a string rather than a direct output
$this->content=curl_exec ($ch);
Curl_close ($ch);
------to solve the idea----------------------
$cookie _file = dirname (__file__). ' /cookie.txt ';
if (Isset ($_get[' verification ')) {
$url = ' http://www.yygh.net/include/validateimg.php? '. Rand ();
$ch = Curl_init (); Initialization
curl_setopt ($ch, Curlopt_cookiefile, $cookie _file);
curl_setopt ($ch, Curlopt_url, $url);
Curl_exec ($ch);
Curl_close ($ch);
Exit
}
if (! $_post) {
$url = "http://www.yygh.net/usercenter/userinfo_action.php";
$ch = Curl_init (); Initialization
curl_setopt ($ch, Curlopt_cookiejar, $cookie _file); Storing cookies
curl_setopt ($ch, curlopt_http_version, CURL_HTTP_VERSION_1_0); Mandatory Agreement is 1.0
curl_setopt ($ch, Curlopt_httpheader, Array (' Expect: ')); Head to send out ' Expect: '
curl_setopt ($ch, Curlopt_ipresolve, CURL_IPRESOLVE_V4); Forcing a domain name to be resolved using the IPV4 protocol
curl_setopt ($ch, Curlopt_url, $url);
curl_setopt ($ch, Curlopt_returntransfer, true); Returns a string rather than a direct output
$content = curl_exec ($ch);
Curl_close ($ch);
Echo <<< HTML
HTML;
Exit
}else {
$ch = Curl_init (); Initialization
$url = "http://www.yygh.net/usercenter/userinfo_action.php";
$fields = Array (
' Actionpost ' = ' login ',
' Logintype ' = 0,
' Cardtype ' = 1,
' UserID ' = ' 330724197712316212 ',
' pwd ' = ' 123qwe ',
' Validate ' = $_post[' code ',
Cndm&imagesfield.x=32&imagefield.y=11 ';
);
curl_setopt ($ch, Curlopt_post, 1);//set to POST mode
curl_setopt ($ch, Curlopt_postfields, $fields);
curl_setopt ($ch, Curlopt_cookiefile, $cookie _file); Use the cookies obtained above
curl_setopt ($ch, curlopt_http_version, CURL_HTTP_VERSION_1_0); Mandatory Agreement is 1.0
curl_setopt ($ch, Curlopt_httpheader, Array (' Expect: ')); Head to send out ' Expect: '
curl_setopt ($ch, Curlopt_ipresolve, CURL_IPRESOLVE_V4); Forcing a domain name to be resolved using the IPV4 protocol
curl_setopt ($ch, Curlopt_url, $url);
curl_setopt ($ch, Curlopt_returntransfer, true); Returns a string rather than a direct output
$content = curl_exec ($ch);
Curl_close ($ch);
Echo $content;
}
Please verify the correctness of user information