If fsokopen function is enabled on the server then may it cause vulnerability to the server? I have heard that it may cause exploitable threats on the server. Please so let me know if anyone knows.....
Well...in general, no. fsockopen() is an "outbound" function; it does not sit there waiting for inbound connections the way a socket "accept" call does. You can only use it to initiate outbound connections to which the connected server will then respond. Now, if the server you connect to tries to exploit your system, then yes, you might have a problem. Also, if you create a server in php using the low-level socket functions (socket_create, socket_listen, socket_accept, etc.) you might very well open yourself up to a vulnerability, because now you're sitting there open to the world, waiting for someone to try and connect to you and break in. However, low-level socket functions are not compiled by default into PHP (e.g., --with-sockets is not enabled by default), and as of PHP 5.3.0 the entire library has being moved into PECL anyhow, so you'd really have to go out of your way to install it. All of that said, is there some specific scenario you had in mind?