Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.
php header spoofing
I was wondering if there is a way to make an html POST data request that you can send to a remote site, something like
<body>
<form method="POST" name="jay" id="jay"> action="http://www.somesite.com/application.php">
<input type='hidden' name='change' value='display'>
<input type='hidden' name='account' value='24335'>
</form>
<script type="text/javascript" language="JavaScript">
document.jay.submit()
</script>
</body>
</html>```
and also use php to edit the header information sent along with that same request, such as the referer?
Or would it be be smarter to re-write the whole POST request in php?
And if that is the case should I start a new thread about how I would go about doing that or would someone be willing to answer that here too?
Thanks for the help everyone.
You might be thinking about something like this:
Thanks Uberon that is a cool utility, that will definitely come in handy. So I have a form to send the POST request, now I just need to spoof the referer so that the post data will be accepted. Ya I think your right faralas, cURL would be the way to go. But in that case I need to know, do I need to re-write that html form in cURL? Or can I use cURL to just spoof the referer and send that html POST request? Here is some code that looks very simple and SHOULD be working.
$ch = curl_init('http://babelfish.altavista.com/tr');
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "&doit=done&intl=1&tt=urltext&trtext=This+is+a+test&lp=en_de&btnTrTxt=Translate");
curl_exec ($ch);
curl_close ($ch);
?>```
It looks like it connects to the site and executes the POST request with the post query I gave it but when I execute this nothing happens??
I have a free subdomain that supports php and the cURL library so I know thats not the issue.
Now the cURL application below works as far as sending back the html code of the page I sent it to but it doesn't execute the POST request and carry out the actions I was hoping....
```markup<?php
$postData['option'] = "com_content";
$postData['task'] = "blogcategory";
$postData['id'] = "24";
$postData['Itemid'] = "55";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://somesite.com/index.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"); // User-agent
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_REFERER, "http://somesite.com/index.php");
$response = curl_exec($ch);
$response = htmlspecialchars($response);
echo "<pre>".$response."</pre>";
curl_close($ch);
?>```
I am just starting php coding and only know the basics, so if someone could please lend a hand in putting my html form similar to the one made from "http://www.whiteacid.org/misc/xss_post_forwarder.php" into php/cURL it would be a huge help. And also possibly refer me (no pun intended) to a good php tutorial that talks about some advanced functions that would be great. Thanks again.