The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyone know what this code does?

Discussion in 'General Discussion' started by mctDarren, Apr 10, 2006.

  1. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    It's a call to the cURL library within PHP. See http://curl.haxx.se for more info.

    The script as shown takes the string passed via the query string and redirects to that URL and stores the resulting page within the string variable "ch". Theoretically it could be used to download something to the person's home directory, but it looks as though they aren't doing anything with the result, just grabbing the page. Still, grabbing a URL from an unchecked querystring on an open system is (to me at least) a security hazard.
     
  2. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    What do you mean? Sorry confused.
     
  3. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    O.k. I see now... yep that's annoying.
     
  4. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    I had a new customer sign up and upload a php file with this:

    <?php
    $desturl=$_SERVER['QUERY_STRING'];
    $ch = curl_init($desturl);
    curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REFERRER']);
    curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
    curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
    #curl_setopt($ch, CURLOPT_COOKIEJAR, '-'); //we'll try it and see what happens.... =)
    curl_exec($ch);
    curl_close($ch);
    ?>

    I have ano idea what;s it's for actually.

    Thanks, Charles
     
  5. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    what is with these time differences lately here? Very annoying!
     
  6. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    It looks to me like it could be being used to test that curl works, perhaps they wanted to use curk so uploaded that test script early on to check whether curl worked?
     
Loading...

Share This Page