We normally don't post security announcements; if you want these on a regular basis you should probably be following Bugtraq or SecurityFocus. But I found these ones to be of pretty important note, since there are some pretty large vulnerabilities here and since PHP is such a widely used language on a number of corporate and government, not to mention activist, sites. I hope that our readers will use the information here wisely in their pursuits. Read on for the vulnerabilities...
When I first found out about WWW::Mechanize, a library for scripting web browsing (think curl on steroids), I was stoked. It presents a simple way to do things from the command line like randomly polling craigslist for sought-after items, abusing online polls, and even unit testing your websites. An implementation of Mech is available for Python and Ruby, but sadly not for PHP. After recently working on writing some Drupal SimpleTest scripts I was exposed to the PHP SimpleTest library, which includes a standalone scriptable browser library, which is essentially the same as WWW::Mechanize. To show how easy it is to write a PHP script with this library I have included some example code below for polling summaries of all content from hackbloc. But remember this isn't a good tool for doing DoS work because this browser respects the HTTP specification of not making more than 2 concurrent requests to the same domain (BTW, have you checked out ab?).
<?php
require_once('simpletest/browser.php');
//if we wanted to cast like a million votes we would send all of our requests
//through tor by uncommenting the commented lines below
//while (1) {
//create the scriptable browser (plain "new"; the old "&new" form no longer parses on PHP 7+)
$browser = new SimpleBrowser();
//$browser->setProxy('127.0.0.1:9050');
$browser->get('http://hackbloc.org');
$browser->setField('choice', 5);
$browser->click('Vote');
//}
?>