Using PHP and cURL to submit POST requests to a website

  • PHP
  • Thread starter Jamin2112
  • Start date
  • Tags
    Curl Php
In summary, using PHP and cURL allows for the submission of POST requests to a website, which is a common method for sending data to a server. This can be useful for creating interactive and dynamic web applications, as well as for automating tasks such as form submissions or API calls. cURL is a popular PHP library that provides a simple and efficient way to handle HTTP requests, making it a valuable tool for developers working with web-based systems. By utilizing PHP and cURL, developers can easily send POST requests and retrieve data from a website, making it a powerful tool for creating robust and efficient web applications.
  • #1
Jamin2112
986
12
Here's the setup:

I'm trying to write a PHP script to spam my buddy's website. He has given me full permission to try and do so. I have a very rudimentary understanding of HTTP protocols and am probably doing something wrong, because my attempt hasn't been working.

Here's my PHP script:

Code: 
<!DOCTYPE html>
<html>
<head>
<title>attack script</title>
</head>
<body>
<?php
 
/*  ------------ Functions needed for attack  --------------------- */
 
function rand_str($len)
{
    $str = "";
    while ($len-- > 0)
    {
        $val = rand(0,1) ? rand(ord("A"),ord("Z")) : rand(ord("a"),ord("z"));
        $str .= chr($val); 
    }
    return $str;
}
 
/*  ----------------- Misc. preprocessing  -------------------- */
date_default_timezone_set('America/Los_Angeles');
 
 
/*  ----------------- Initialize new cURL session -------------------- */
 
$curl = curl_init();
$page_url = "[PLAIN]http://feucht.us/blog";[/PLAIN] 
$funct_url = "[PLAIN]http://feucht.us/blog/wp-comments-post.php";[/PLAIN] 
curl_setopt($curl, CURLOPT_URL, $funct_url);
 
 
/*  ---------------------- Begin attack  ----------------------------- */
 
echo("<h1>Comment spam run on <i>". $page_url . "</i> on " . date("d-m-Y h:i:s") . "</h1>");
echo("<h3><b>RESULTS:</b></h3>");
$num_coms = 10; /* # of comments to post */
$wait_period = 1; /* # of seconds to wait between posting each comment */
$name_length_bounds = array(5,20); /* min and max length of random name to be generated */
$alias_length_bounds = array(8,15); /* min and max length of random email prefix to be generated */
$email_length_bounds = array(3,10); /* min and max length of random email provider to be generated */
$comment_length_bounds = array(5, 40); /* min and max length of random comment to be generated */
while ($num_coms-- > 0)
{
  /* Pause between the posting of comments: */
  sleep($wait_period);
  
  /* Initialize random names, email addresses and comments: */ 
  $rname = rand_str(rand($name_length_bounds[0], $name_length_bounds[1]));  
  $remail = rand_str(rand($alias_length_bounds[0], $alias_length_bounds[1])) . "@" . rand_str(rand($email_length_bounds[0], $email_length_bounds[1])) . ".com";
  $rcomment = rand_str(rand($comment_length_bounds[0], $comment_length_bounds[1]));
  
  /* Create POST request string from random text and add to cURL object */
  $post_string = "author=" . $rname . "&email=" . $remail . "&comment=" . $rcomment;
  curl_setopt($curl, CURLOPT_POSTFIELDS, $post_string);
  /* Execute the request and print out whether it succeeded or failed. */
  echo(curl_exec($curl) ? "<hr><p><span style='color:green'>Successfully submitted</span>" : "<hr><p><span style='color:red'>Did not successfully submit</span>");
  echo(" POST request <b>" . $post_string . "</b></p><p>to</p><p><b>" . $funct_url . "</b></p>");
}
 
?>
</body>
</html>

Since that's probably unreadable, here's a link to a pretty version:

https://gist.github.com/anonymous/22457214c34564647eea

The code, as is, attempts to generate 10 random comments (Once I get this working, I'll change that number to 1,000,000,000,000 hahah) using random strings for the 3 fields that need to be filled out in a comment, author, email and comment. Those correspond to 3 names of input elements inside a
Code: 
form
element with action wp-comments-post.php and method post.

So the crucial parts of the code are where I try to use a cURL object to issue post requests:

Code: 
$curl = curl_init();

and

Code: 
$funct_url = "[PLAIN]http://feucht.us/blog/wp-comments-post.php";[/PLAIN]

and

Code: 
curl_setopt($curl, CURLOPT_URL, $funct_url);

and

Code: 
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_string);

and

Code: 
curl_exec($curl)

That sequence should do what I want, no? I was trying to following this documentation: http://codular.com/curl-with-php

Any help greatly appreciated.
 
Last edited by a moderator:
Technology news on Phys.org
  • #2
"my attempt hasn't been working" does not give us much info to analyse. Explain what happens and why you think it is not working.
 
  • #3
voko said:
"my attempt hasn't been working" does not give us much info to analyse. Explain what happens and why you think it is not working.

curl_exec($curl) is returning true, but the comments are not being posted on his page. I know his comment posting function checks for valid email addresses, but I've tested and seen that anything of the form

string1 + "@" + string2 + ".com"​

works, so I don't think it's a problem with that or with
 
  • #4
voko said:
"my attempt hasn't been working" does not give us much info to analyse. Explain what happens and why you think it is not working.

curl_exec($curl) is returning true, but the comments are not being posted on his page. I know his comment posting function checks for valid email addresses, but I've tested and seen that anything of the form

string1 + "@" + string2 + ".com"​

works, so I don't think the problem is that or anything related to an error in the type of text I'm submitting.
 
  • #5
From the example at http://curl.haxx.se/libcurl/php/examples/simplepost.html , it seems that you need to have this: curl_setopt($ch, CURLOPT_POST, 1);

But in fact many things could go wrong, including processing on the other end. To be completely sure that your side is OK, you would need to dump the data sent on the connection and check that it looks like a valid HTTP POST request.
 
Last edited by a moderator:
  • #6
voko said:
From the example at http://curl.haxx.se/libcurl/php/examples/simplepost.html , it seems that you need to have this: curl_setopt($ch, CURLOPT_POST, 1);

True. I'll fix that.

But in fact many things could go wrong, including processing on the other end. To be completely sure that your side is OK, you would need to dump the data sent on the connection and check that it looks like a valid HTTP POST request.

I'll do that and report back.
 
Last edited by a moderator:
  • #8
You say curl_exec() returns true indicating success.

What does "success" mean?

Let's say curl successfully runs, successfully contacts the destination webserver, and successfully transmits your message. However, the server is responding with "200 OK" and "Busy, please try again later!" instead of adding the comment. What then does curl_exec() return? How does it know it "failed" or what you consider "failure"?

With web you have to be prepared to receive almost anything from the remote system, and you need to check its response carefully. I would start by looking at the response code the webserver sends you back.
 

Related to Using PHP and cURL to submit POST requests to a website

1. How do I use PHP and cURL to submit POST requests to a website?

To use PHP and cURL to submit POST requests to a website, you will need to create a cURL handle using the curl_init() function, set the necessary options for the request using curl_setopt(), and then use curl_exec() to send the request and retrieve the response from the website.

2. What is the difference between a GET request and a POST request?

A GET request is used to retrieve data from a server, while a POST request is used to send data to a server. GET requests append the data to the end of the URL, while POST requests send the data in the request body. POST requests are typically used for more sensitive information, such as login credentials or credit card information.

3. How do I pass data in a POST request using cURL?

Data can be passed in a POST request using the curl_setopt() function. The CURLOPT_POSTFIELDS option allows you to specify the data to be sent in the request body. This data can be in the form of an array or a URL-encoded string.

4. How do I handle the response from a POST request using cURL?

After sending a POST request using cURL, you can use the curl_exec() function to retrieve the response from the website. This response can then be stored in a variable and manipulated as needed, such as decoding JSON data or parsing HTML.

5. Are there any security concerns when using cURL to submit POST requests?

Yes, there are potential security concerns when using cURL to submit POST requests. It is important to properly validate and sanitize any data being sent in the request to prevent injection attacks. Additionally, using HTTPS instead of HTTP can help to secure the transmission of sensitive data.

Similar threads

Fortran Identify explicit shape spec list in the FORTRAN code
    • Programming and Computer Science
Replies
1
Views
2K

Hot Threads

Recent Insights

Back
Top