Anyone know what this code does?

mctDarren

Well-Known Member
Jan 6, 2004
665
8
168
New Jersey
cPanel Access Level
Root Administrator
It's a call to the cURL library within PHP. See http://curl.haxx.se for more info.

The script as shown takes the string passed via the query string and redirects to that URL and stores the resulting page within the string variable "ch". Theoretically it could be used to download something to the person's home directory, but it looks as though they aren't doing anything with the result, just grabbing the page. Still, grabbing a URL from an unchecked querystring on an open system is (to me at least) a security hazard.
 

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,723
28
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
I had a new customer sign up and upload a php file with this:

<?php
$desturl=$_SERVER['QUERY_STRING'];
$ch = curl_init($desturl);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REFERRER']);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
#curl_setopt($ch, CURLOPT_COOKIEJAR, '-'); //we'll try it and see what happens.... =)
curl_exec($ch);
curl_close($ch);
?>

I have ano idea what;s it's for actually.

Thanks, Charles