Fixing security issue from exploit-db.com with edb-id 47772, Thanks t…

…o John V for pointing it out and suggesting a fix. I chose to simply remove the option entirly as its use is very limited and I'd rather not even have exec option in the code

www/plugins/ona_nmap_scans/report.inc.php

@@ -351,13 +351,7 @@ function rpt_output_html($form) {
             if ($record['dbip'] == "NOT FOUND") continue;
             // If it is only in the database then they should validate the ip or remove from database
             if (($record['netip'] == $record['dbip']) or ($record['netdnsname'] != $record['dbdnsname'])) {
-                $action = <<<EOL
-                        {$act_status_partial}
-                        <a title="Ping"
-                            class="act"
-                            onClick="xajax_window_submit('tooltips', 'name=>tooltips', 'window_progressbar');xajax_window_submit('tooltips', 'ip=>{$record['dbip']}', 'ping');"
-                        >Ping to verify</a> then delete as desired
-EOL;
+                $action = "Ping to verify then delete as desired";
             }
         }
 

www/winc/tooltips.inc.php

@@ -2470,21 +2470,6 @@ function get_switchport_template_select($form) {
 }
 
 
-// Simple ping function that takes an IP in and pings it.. then shows the output in a module results window
-function ws_ping($window_name, $form='') {
-
-    // If an array in a string was provided, build the array and store it in $form
-    $form = parse_options_string($form);
-
-    $output = shell_exec("ping -n -w 3 -c 3 {$form['ip']}");
-
-    $window['title'] = 'Ping Results';
-    $build_commit_html = 0;
-    $commit_function = '';
-    include(window_find_include('module_results'));
-    return(window_open("{$window_name}_results", $window));
-}
-
 /////////////////////////
 // Setup empty window with a progress bar in it
 //