Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

PHP extract() vulnerabilities

David Noren Feb 09, 2015 05:06PM UTC

Please see this post about the risks of using PHP function extract() improperly:

At the end of the post are a few ideas on how to test for it. Unsure if those can be automated. Submitting an official feature request, after noting user surreal requested this on the user forums:

Dafydd Stuttard Feb 10, 2015 11:58AM UTC Support Center agent

Thanks for your feature request. This is actually in our near-term roadmap and we hope to have a check for this and related PHP variable manipulation issues added to Burp later this year.

This question has received the maximum number of answers.