Curl - post form issue

Fred13 · February 4, 2019, 3:42am

I'm having an issue with curl post form, I dont' understand what I'm mising. I would like to send a post command login/password to a form, quite simple in the paper.
URL : http: // <myebsite> / login

Here the form source code :

<form action="/login_check" method="post">    

<input type="text" id="username" name="_username" value=""/>      

<input type="password" id="password" name="_password" />      

<button type="submit">Connexion</button></form>

When I submit the form from Firefox, I got the http header :

http: // <mywebsite> /login_check
Host: <mywebsite>
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http: // <mywebsite> /login
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Connection: keep-alive
Cookie: PHPSESSID=qhr84cv2ecgmnmc1h5i31bf9f5
Upgrade-Insecure-Requests: 1
_username=test&_password=test
POST: HTTP/1.1 302 Found
Date: Wed, 30 Jan 2019 08:49:09 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
location: http: // <mywebsite> /login
Content-Length: 405
Content-Type: text/html; charset=UTF-8
Age: 2
Connection: close
Cache-Control: no-cache
Via: 1.1 akamai (ACE 5.8.2/5.8.2)


http: // <mywebsite> /login
Host: <mywebsite>
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http: // <mywebsite> /login
Connection: keep-alive
Cookie: PHPSESSID=qhr84cv2ecgmnmc1h5i31bf9f5
Upgrade-Insecure-Requests: 1
POST: HTTP/1.1 200 OK
Date: Wed, 30 Jan 2019 08:49:10 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Content-Type: text/html; charset=UTF-8
Age: 0
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache
Via: 1.1 akamai (ACE 5.8.2/5.8.2)

So I wrote this command :

curl -v -d "_username=test&_password=test" -H "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0" -H "Content-type: application/x-www-form-urlencoded" http: // <mywebsite> /login > curl.html

Here the verbose log :

* About to connect() to <mywebsite> port 80 (#0)
*   Trying <ip>... connected
* Connected to <mywebsite> (<ip>) port 80 (#0)
> POST /login HTTP/1.1
> Host: <mywebsite>
> Accept: */*
> User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
> Content-type: application/x-www-form-urlencoded
> Content-Length: 42
>
} [data not shown]
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0    42      0   2593 --:--:-- --:--:-- --:--:--  2593* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Wed, 30 Jan 2019 09:01:02 GMT
< Server: Apache
< X-Powered-By: PHP/5.4.37
< Set-Cookie: PHPSESSID=88vt4ekng0vb282me4b5jj4eb0; path=/
< cache-control: no-cache
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
{ [data not shown]
101 11495    0 11495    0    42  83053    303 --:--:-- --:--:-- --:--:-- 93877* Closing connection #0

In curl.html, I have the current form, without notification of the error or the succeed, depending the login I use. It's like it does nothing.

Is it because of the redirection ? or that the submit button doesn't have an id ?

Any help would be appreciated

Thank you

Neo · February 4, 2019, 4:16am

Your post request is:

POST: HTTP/1.1 302 Found

This means, more than likely, it cannot find this or there is an internal PHP error in that file.

<form action="/login_check" method="post">

Please post this file in red above and the file name on the server.

Also, post the last 25 entries from your PHP error log file.

Thanks.

Note, normally the action on the server should have an extension like:

<form action="/login_check.php" method="post">

Your server must know how to handle the request and without a file extension, this is not easy for the server to do

Fred13 · February 4, 2019, 5:01am

When I reach <mywebsite>/login_check, Im redirected to /login and I have a login error text.

Here the html code, got from curl mywebsite/login_check.

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta http-equiv="refresh" content="1;url=http :// mywebsite /login" />

        <title>Redirecting to http :// mywebsite /login</title>
    </head>
    <body>
        Redirecting to <a href="http :// mywebsite / login">http : //mywebsite /login</a>.
    </body>
</html>

I do not own the server, it's an internal website in my enterprise.

Neo · February 4, 2019, 5:11am

Fred13 ,

First of all, you cannot debug a web application if you do not have access to the web server files and log files.

Second, if you cannot provide me a copy of the exact file from the web server you are trying to access; and a copy of the PHP error log file, please post back on this topic when you have access to the files I requested.

Third, curl() is not going to help us or you debug the server side issue, so providing us a copy of the HTML output of your 302 redirect is not going to help.

If you do not have access to the file you are trying to send a post request to on the web server, I think you you should not be posting here trying to ask us to debug something you seem to be "hacking"..

Without access to the exact PHP file you are trying to access and access to error log messages, it is a waste of time to post these kind of questions here.

I'm closing this thread.

Please post back when you have full access to the web server and provide the files I requested.

Thanks.