Fake Referrer
Here is an example of how easy it is to fake the $_SERVER['HTTP_REFERER'] and $_SERVER['HTTP_USER_AGENT'] in PHP. This is a clear example of why you should NOT use these two variables as your only means of validation.
[php]
<?php
// THIS CREATES A FAKE USER AGENT
ini_set('user_agent','My Fake Browser');
// THIS CREATES A FAKE REFERRER
$host = "www.syntax******.info";
$referrer = "www.fake_referrer.com";
$file = "test.php";
$hdrs = array( 'http' => array(
'header' => "accept-language: en\r\n" .
"Host: $host\r\n" .
"Referer: http://$referrer\r\n" .
"Content-Type: text/plain\r\n"
)
);
$context = stream_context_create($hdrs);
$fp = fopen("http://" . $host . "/" . $file, 'r', false, $context);
fpassthru($fp);
fclose($fp);
?>
[/php]
Last edited by SyntaXmasteR; 09-19-2007 at 05:02 PM.
[url=http://www.syntax******.info/tools/services.php]Speed Up Windows XP[/url]
[url=http://www.syntax******.info/tools/ip.php]Get An Ip Address[/url]
[url=http://www.syntax******.info/tools/base_converter.php]Base Converter[/url]
--------------------------------
[URL=http://www.boninroad.com/syntax******/]Old Site[/URL]
[URL=http://www.syntax******.info]Comming Soon[/URL]
Reply With Quote