PHP extract() vulnerabilities
Please see this post about the risks of using PHP function extract() improperly: http://davidnoren.com/2013/07/03/php-extract-vulnerability/
At the end of the post are a few ideas on how to test for it. Unsure if those can be automated. Submitting an official feature request, after noting user surreal requested this on the user forums: http://forum.portswigger.net/thread/1540/scanner-test-php-extract-vulnerability
Thanks for your feature request. This is actually in our near-term roadmap and we hope to have a check for this and related PHP variable manipulation issues added to Burp later this year.
This question has received the maximum number of answers.