
Why PHP function `curl_exec` should be disabled?

Tags: security, php, curl

As you know, there are some PHP functions to be disabled in shared hosting environments. Searching Google, I found many lists of these functions. One of these functions is curl_exec. I can't understand why this function should be disabled. How could this function be vulnerable?

Ehsan asked Jul 15 '10 05:07



2 Answers

It could be used to create a request loop on itself, which would lock the server. It could also be used to impersonate the site or proxy requests. Whether those are good enough reasons to disable curl_exec really depends on how much you trust the code.

Kendall Hopkins answered Sep 25 '22 16:09



I can't comment on why your shared hosting provider has disabled it, but it may be simply to disallow you to script interactions with other websites (possibly to send spam, launch DoS attacks, act as a proxy, etc.)

Here is an explanation from another hosting provider I found:

No, you can not enable curl_exec() from cPanel. Please be informed that we have disabled curl_exec() function on our shared server due to security reasons and we can not enable it.

Curl_exec() allows anyone to remotely fetch data from other remote web servers and also download & upload files from remote servers.

pkaeding answered Sep 26 '22 16:09

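Where the code can be trusted to go through a single entry point, the concerns raised in the answers above (a request loop back to the same server, proxying to arbitrary destinations) can be narrowed without disabling `curl_exec` outright. The following is an added example, not code from either answer or from any hosting provider; `guarded_fetch()` and the `$ownAddresses` list are hypothetical names, and the address `203.0.113.10` is a constructed placeholder for the server's own public IP.

```php
<?php
// Added example (hypothetical wrapper): constrain what curl_exec() may reach.
function guarded_fetch(string $url, array $ownAddresses = ['203.0.113.10']): string
{
    $parts  = parse_url($url) ?: [];
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = $parts['host'] ?? '';

    // Allow only http(s); rejects file://, gopher://, ftp:// and similar.
    if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
        throw new InvalidArgumentException('Only http(s) URLs with a host are allowed');
    }

    // Resolve once (IPv4 only; anything else fails closed) and validate every address.
    $ips = gethostbynamel($host);
    if ($ips === false) {
        throw new RuntimeException("Cannot resolve host: $host");
    }
    foreach ($ips as $ip) {
        // Rejects private ranges and reserved ranges, which include loopback.
        $public = filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
        // Also refuse the server's own public address, so the script
        // cannot request itself in a loop.
        if ($public === false || in_array($ip, $ownAddresses, true)) {
            throw new RuntimeException("Destination not allowed: $ip");
        }
    }

    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    $ch   = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false, // a redirect could point back inside
        CURLOPT_CONNECTTIMEOUT => 3,     // bound how long a worker can be tied up
        CURLOPT_TIMEOUT        => 10,
        // Pin the connection to the address validated above, so a second
        // DNS lookup cannot return a different (internal) address.
        CURLOPT_RESOLVE        => ["$host:$port:{$ips[0]}"],
    ]);

    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    return $body;
}
```

A wrapper like this only helps when every script on the server calls it; on shared hosting, where tenants run their own code, the operator cannot enforce that, which is why providers fall back to `disable_functions` in `php.ini`.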