So I found the script: http://forums.digitalpoint.com/showpost.php?p=1020284&postcount=8 The only thing is that I have no idea how he figured out to inject the HTTP headers. I tried it without the header injection and it doesn't work. I'm using ethereal (packet sniffer) and it's not showing the same headers on a successfull login. Did this guy use trial and error, or am I missing something?
He watched the headers during the login process in MySpace. Firefox's "Live HTTP Headers" plugin makes this trivial. Simply created the PHP code to emulate what a browser does.