Secure NMAP / NESSUS frontend using PHP
Might be an idea to run the variable through escapeshellcmd() before passing it to system(). Also, the extract($_POST) ain't really a good idea, as you're basically doing what register_globals once did. Generally extract should only be used within a function or method scope unless you're 120% sure what the content of the array is.
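
One way to apply both suggestions from the post above, as an added example that is not part of the original thread or its script. The form field name `target`, the `nmap -F` invocation and the helper names are assumptions; it validates the value first and quotes it with escapeshellarg() as a single argument, rather than running the whole string through escapeshellcmd().

```php
<?php
// Added example. Hypothetical field name "target"; not the thread's script.

function validated_target(array $post): ?string
{
    // Read the one expected key explicitly instead of extract($_POST),
    // so request data cannot create or overwrite other variables.
    $raw = $post['target'] ?? null;
    if (!is_string($raw)) {
        return null; // missing, or an array such as target[]=...
    }
    $raw = trim($raw);

    // Accept an IPv4/IPv6 literal ...
    if (filter_var($raw, FILTER_VALIDATE_IP) !== false) {
        return $raw;
    }
    // ... or a plain hostname: labels of letters, digits and hyphens that
    // start and end alphanumeric. A leading "-" can never match, so the
    // value cannot be read by the scanner as a command-line option.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $regex = '/^' . $label . '(?:\.' . $label . ')*$/D';
    if (strlen($raw) <= 253 && preg_match($regex, $raw) === 1) {
        return $raw;
    }
    return null;
}

function build_scan_command(string $target): string
{
    // escapeshellarg() quotes the value as exactly one shell argument.
    return 'nmap -F ' . escapeshellarg($target);
}

// Constructed sample inputs. The command is printed, not executed; a real
// frontend would pass the accepted string to system().
$samples = ['192.0.2.10', 'scanme.example.org', '192.0.2.10; echo x',
            '--some-option', ['not', 'a', 'string']];

foreach ($samples as $sample) {
    $target = validated_target(['target' => $sample]);
    $shown  = json_encode($sample);
    echo $target === null
        ? "rejected: $shown" . PHP_EOL
        : "accepted: $shown -> " . build_scan_command($target) . PHP_EOL;
}
```

Only the first two samples are accepted; the others are rejected before any command string is built.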