Burp Suite User Forum

PHP extract() vulnerabilities

David | Last updated: Feb 09, 2015 05:06PM UTC

Please see this post about the risks of using PHP function extract() improperly: http://davidnoren.com/2013/07/03/php-extract-vulnerability/ At the end of the post are a few ideas on how to test for it. Unsure if those can be automated. Submitting an official feature request, after noting user surreal requested this on the user forums: http://forum.portswigger.net/thread/1540/scanner-test-php-extract-vulnerability

PortSwigger Agent | Last updated: Feb 10, 2015 11:58AM UTC

Thanks for your feature request. This is actually in our near-term roadmap and we hope to have a check for this and related PHP variable manipulation issues added to Burp later this year.
